Firefox Gets Fix For Evil Cursor Attack (zdnet.com)
(Friday August 07, 2020 @07:25PM (msmash)
from the fixing-things dept.)
- Reference: 0134472599
- News link: https://news.slashdot.org/story/20/08/07/2025236/firefox-gets-fix-for-evil-cursor-attack
- Source link: https://www.zdnet.com/article/firefox-gets-fix-for-evil-cursor-attack/
Firefox has fixed a bug that was being exploited in the wild by tech support scammers to [1]create artificial mouse cursors and prevent users from easily leaving malicious sites. From a report:
> The bug was discovered being abused online by UK cyber-security firm Sophos and reported to Mozilla earlier this year. A bugfix was provided and has been live in Firefox since version 79.0, released last week. he bug is a classic "evil cursor" attack and works because modern browsers allow site owners to modify how the mouse cursor looks while users are navigating their websites. This type of customization might look useless, but it's often used for browser-based games, browser augmented reality, or browser virtual reality experiences. However, custom cursors have been a major problem for the regular web. In evil cursor attacks, malicious websites tamper with cursor settings in order to modify where the actual cursor is visible on screen, and where the actual click area is.
[1] https://www.zdnet.com/article/firefox-gets-fix-for-evil-cursor-attack/
> The bug was discovered being abused online by UK cyber-security firm Sophos and reported to Mozilla earlier this year. A bugfix was provided and has been live in Firefox since version 79.0, released last week. he bug is a classic "evil cursor" attack and works because modern browsers allow site owners to modify how the mouse cursor looks while users are navigating their websites. This type of customization might look useless, but it's often used for browser-based games, browser augmented reality, or browser virtual reality experiences. However, custom cursors have been a major problem for the regular web. In evil cursor attacks, malicious websites tamper with cursor settings in order to modify where the actual cursor is visible on screen, and where the actual click area is.
[1] https://www.zdnet.com/article/firefox-gets-fix-for-evil-cursor-attack/