Floating elements

[pekv2]

[Edit]
Title fixed.
Just jump to Post#9
[/Edit]

I just might be an idiot but this had got my attention and so I questioned it. So I got backlashed and my thread locked.

Lets continue it here, and if you may, explain to me how is this not a security flaw in any browser. By some coders maybe? Someone fully 100% understands this kind of thing.

I am the OP. If you may, take a long good read, and discuss.

http://forums.mozillazine.org/viewtopic.php?f=38&t=2801231

I am not sure if I am the only one that is devastated by this.

Firefox has no added security to disable cursor manipulations and this is a huge security flaw in firefox.

Any website may inject anykind of malicious into your cursor.

On going discussions that I have created.

First it lead me to goto palemoon forums to seek help.
http://forum.palemoon.org/viewtopic.php?f=5&t=3872

Then from there it lead me to NoScript forums.
http://forums.informaction.com/viewtopic.php?p=67767

And now I am here.

Am I the only one worried about this security flaw? And the only one that is expressing it?

Please discuss...

Self-moderated is enabled to keep it clean.

[Lucky Cris]

So are you implying that a virus could be injected into your system through your cursor, or is it just a case of cursor jacking?

[Wipeout2097]

Look, I can't really answer this. Perhaps it's problematic if the cursor manipulation carries on to other site. I believe it's far fetched though.

What I know is that I stay away from forums like those, in the first place. Mozilla, Ubuntu and a few others.

[pekv2]

So are you implying that a virus could be injected into your system through your cursor, or is it just a case of cursor jacking?

See thats, what I don't know. Everybody is staying silent.

All I know is that they may inject .js into your cursor = what kind of damage?

From this here, I guess it's pretty bad.

http://koto.github.io/blog-kotowicz-net-examples/cursorjacking/

&

https://dunnesec.wordpress.com/tag/cursorjacking/

[Lucky Cris]

That's pretty damn scary. Glad I'm subscribed.

[Wipeout2097]

So are you implying that a virus could be injected into your system through your cursor, or is it just a case of cursor jacking?

See thats, what I don't know. Everybody is staying silent.

All I know is that they may inject .js into your cursor = what kind of damage?

From this here, I guess it's pretty bad.

http://koto.github.io/blog-kotowicz-net-examples/cursorjacking/

Oh, I get it. Well, the issue is visiting a malicious website in the first place. Nobody will waste time to fool around with your cursor when they can convince to run a java applet or download innocent looking malware. At least that's the way I see it.

[Lucky Cris]

Oh, I get it. Well, the issue is visiting a malicious website in the first place. Nobody will waste time to fool around with your cursor when they can convince to run a java applet or download innocent looking malware. At least that's the way I see it.

Are you sure you have to actually visit a baddie?

[pekv2]

Oh, I get it. Well, the issue is visiting a malicious website in the first place. Nobody will waste time to fool around with your cursor when they can convince to run a java applet or download innocent looking malware. At least that's the way I see it.

Are you sure you have to actually visit a baddie?

That's the point, you don't, it may be any site you visit where you allow scripts through noscript, or have no noscript protection or turn on java through about:config which is default.

Now, just think about all the people that have no idea about this exploit that is running a basic browser without any protection, example: your facebook casual user <lol.

I installed comodo dragon, happens to chrome based browsers as well.

The real whole point of this is.

over@ http://forum.palemoon.org/viewtopic.php?p=8299#p8299 explains where you may disable  websites can't remove stuff, giving you power over your browser.

Why in the hell is there not a setting to stop websites from controlling your cursor? If there are other setting to stop websites controlling other parts of your browser. http://forum.palemoon.org/viewtopic.php?p=8299#p8299 javascript

It's stupid not to have this kind of setting.


Edit:
So the question remains, can mozilla or google or any web browser developer be able to add a setting to block this kind of behavior??? And if not, why not?

[pekv2]

I had this completely wrong. oboy was I all mixed up. I thought floating elements was cursorjacking.

http://forum.palemoon.org/viewtopic.php?p=22856#p22856