I am surprised that Firefox freely allows access to the clipboard. I'm using Brave and there's an explicit permission for it that is disallowed by default.
There are guardrails around access to the clipboard (and the post talks about the circumstances around it) but this exploit takes advantage of the fact that simply selecting text on X11 puts it in the primary selection buffer. The code just tells Firefox to select the text.
Not that it matters, but it does not really put it into a buffer at least not in the sense that there is a place within X11 that is storing your selection. I think that when you paste the primary selection. X11 directs your application to the application that last selected something and you ask it for the selected bit in a specific (usually text) format.
More on topic, this works fine within the trusted green zone of local desktop applications. but the browser is(or should be) a high security zone. with a really tricky security policy. which to paraphrase would be "Allow passing information to the rest of the os. but only as a result of a direct user request." You don't really want to disallow the browser to script selecting anything, this is useful for editors. but you probably want to maintain a flag on that selection as to if it was done by the user or not.
Well there is my useless pedantry for the day done. My apologies and thank you for letting me get that off my chest.
There are "clipboard managers" that will internally copy the last copied thing as best it can from the clipboard owner, and then when the application exits, will mark its copy as the clipboard owner going forward. If you aren't running a clipboard manager, then yes, nothing will happen.
Some programs (such as xterm) will also use "cut buffers" (in addition to the primary selection, which is what is usually used for the middle button paste) which are retained even if the program is terminated. (Cut buffers are properties of the root window.)
The same thing happens with normal ctrl c + ctrl v. One of the oddities of the Linux desktop of X and Wayland is that for some reason the display server is also in charge of letting people use the clipboard instead of it being done by a dedicated clipboard service.
I boggled over this particular obvious problem for years.
But I don't recall Firefox ever being hardcore security and privacy (even though some of their techies are). For Mozilla, that's a fairly recent positioning that they're growing into.
Initially, there was competition to be the most popular browser.
But most of the history is a constant movement towards having the browser facilitate what companies wanted to do towards users (moving away from the "user agent" as an agent of the user).
In parallel, Google paying Mozilla for placement, and then possibly to keep a nominal competitor alive.
In recent years, Mozilla has been positioning itself as one of the champions for Internet freedom, and I assume that some of their people were that all along (e.g., the kind who could've gone to Google, but chose to work for much less money at Mozilla). Though I don't know how genuine that sentiment is from the top, when leadership draws huge compensation, for poor performance, while laying off techies. (Techies traditionally have lead Internet freedom, from the ground, up, and leadership might be better thought of as a humble support system for that.)
I am using Brave on Linux where I do all my work as well that might by why "copy to CB" on websites do not work for me anymore. I think they did. But there is nothing asking me for permission or anything. I recently was on a website where it just did not work and I needed to manually copy pasta.