Stop Javascript from hijacking clipboard actions in Firefox

Since I’ve been using password managers for a while now (KeePass & LastPass) I keep noticing that some sites will block you from pasting into their password fields. So no I’m not typing in that randomly generated 64 character password ever.

A bit of googling found a Firefox extension that disables clipboard events, but it’s now built into Firefox itself.

Paste this into the URL bar:
about:config

then change this key from true to FALSE
dom.event.clipboardevents.enabled

Now JS in page can’t see clipboard related events and thus can’t stop you from pasting into password fields among other things.

Obviously beware that this may cause issues on some sites, but I’d rather deal with that if it happens than be annoyed by not being able to paste into password fields.

Updating Bash on OS X to avoid that remote execution exploit everyone’s tweeting about

After seeing a lot of tweets about the Bash vulnerability I was tempted to follow the “write a blog post about it in order to learn about it” plan of action, but as I started reading up on the details of how OS X ships with the vulnerable 3.2 version of Bash I came across StackExchange user AlBlue‘s very in-depth answer that covered everything. So go read that answer and compile a new version of Bash and you’re all set.

One thing I will mention again from that answer is that upgrading only your Homebrew’s version of Bash is not enough since the vulnerable /bin/bash executable is still around and most scripts are pointing directly at that version #!/bin/bash not to mention every installed program that references a shell.