Author

Topic: Floating elements (Read 643 times)

hero member
Activity: 770
Merit: 502
February 15, 2014, 12:28:43 PM
#9
I had this completely wrong. oboy was I all mixed up. I thought floating elements was cursorjacking.

http://forum.palemoon.org/viewtopic.php?p=22856#p22856
hero member
Activity: 770
Merit: 502
February 14, 2014, 09:33:22 AM
#8
Oh, I get it. Well, the issue is visiting a malicious website in the first place. Nobody will waste time to fool around with your cursor when they can convince to run a java applet or download innocent looking malware. At least that's the way I see it.

Are you sure you have to actually visit a baddie?

That's the point, you don't, it may be any site you visit where you allow scripts through noscript, or have no noscript protection or turn on java through about:config which is default.

Now, just think about all the people that have no idea about this exploit that is running a basic browser without any protection, example: your facebook casual user
I installed comodo dragon, happens to chrome based browsers as well.

The real whole point of this is.

over@ http://forum.palemoon.org/viewtopic.php?p=8299#p8299 explains where you may disable  websites can't remove stuff, giving you power over your browser.

Why in the hell is there not a setting to stop websites from controlling your cursor? If there are other setting to stop websites controlling other parts of your browser. http://forum.palemoon.org/viewtopic.php?p=8299#p8299 javascript

It's stupid not to have this kind of setting.


Edit:
So the question remains, can mozilla or google or any web browser developer be able to add a setting to block this kind of behavior??? And if not, why not?
sr. member
Activity: 280
Merit: 250
February 13, 2014, 10:18:30 PM
#7
Oh, I get it. Well, the issue is visiting a malicious website in the first place. Nobody will waste time to fool around with your cursor when they can convince to run a java applet or download innocent looking malware. At least that's the way I see it.

Are you sure you have to actually visit a baddie?
sr. member
Activity: 840
Merit: 255
SportsIcon - Connect With Your Sports Heroes
February 13, 2014, 10:14:38 PM
#6
So are you implying that a virus could be injected into your system through your cursor, or is it just a case of cursor jacking?

See thats, what I don't know. Everybody is staying silent.

All I know is that they may inject .js into your cursor = what kind of damage?

From this here, I guess it's pretty bad.

http://koto.github.io/blog-kotowicz-net-examples/cursorjacking/
Oh, I get it. Well, the issue is visiting a malicious website in the first place. Nobody will waste time to fool around with your cursor when they can convince to run a java applet or download innocent looking malware. At least that's the way I see it.
sr. member
Activity: 280
Merit: 250
February 13, 2014, 10:11:43 PM
#5
That's pretty damn scary. Glad I'm subscribed.
hero member
Activity: 770
Merit: 502
February 13, 2014, 10:10:29 PM
#4
So are you implying that a virus could be injected into your system through your cursor, or is it just a case of cursor jacking?

See thats, what I don't know. Everybody is staying silent.

All I know is that they may inject .js into your cursor = what kind of damage?

From this here, I guess it's pretty bad.

http://koto.github.io/blog-kotowicz-net-examples/cursorjacking/

&

https://dunnesec.wordpress.com/tag/cursorjacking/
sr. member
Activity: 840
Merit: 255
SportsIcon - Connect With Your Sports Heroes
February 13, 2014, 10:09:50 PM
#3
Look, I can't really answer this. Perhaps it's problematic if the cursor manipulation carries on to other site. I believe it's far fetched though.

What I know is that I stay away from forums like those, in the first place. Mozilla, Ubuntu and a few others.
sr. member
Activity: 280
Merit: 250
February 13, 2014, 10:08:15 PM
#2
So are you implying that a virus could be injected into your system through your cursor, or is it just a case of cursor jacking?
hero member
Activity: 770
Merit: 502
February 13, 2014, 09:56:48 PM
#1
[Edit]
Title fixed.
Just jump to Post#9
[/Edit]

I just might be an idiot but this had got my attention and so I questioned it. So I got backlashed and my thread locked.

Lets continue it here, and if you may, explain to me how is this not a security flaw in any browser. By some coders maybe? Someone fully 100% understands this kind of thing.

I am the OP. If you may, take a long good read, and discuss.

http://forums.mozillazine.org/viewtopic.php?f=38&t=2801231

Quote
I am not sure if I am the only one that is devastated by this.

Firefox has no added security to disable cursor manipulations and this is a huge security flaw in firefox.

Any website may inject anykind of malicious into your cursor.

On going discussions that I have created.

First it lead me to goto palemoon forums to seek help.
http://forum.palemoon.org/viewtopic.php?f=5&t=3872

Then from there it lead me to NoScript forums.
http://forums.informaction.com/viewtopic.php?p=67767

And now I am here.

Am I the only one worried about this security flaw? And the only one that is expressing it?

Please discuss...

Self-moderated is enabled to keep it clean.
Jump to: