THE Firefox fixed a bug last week used by tech scammers to create artificial mouse pointers preventing users from easily leaving malicious websites.
The bug was discovered to have been hacked online by British security company Sophos and reported to Mozilla earlier this year.
What is the attack "evil cursor";
A classic attack "evil cursor”Works because modern browsers allow site owners to modify the appearance of the mouse cursor to users browsing their sites.
The feature may seem useless, but it is often used in browser-based games, browser augmented reality, or browser-based virtual reality experiences. However, custom mouse pointers can become a major problem in normal tissue.
Watch the video of Sophos
In attacks with evil cursor, malicious sites violate mouse pointer settings to modify where the actual cursor is visible on the screen and where the actual clicks are located.
For example, mouse cursors can be set to 256 pixels in width and height. An attack with evil cursor is when a normal mouse cursor appears in the upper left corner, but the click point is defined in the lower right corner, creating a huge discrepancy between the point where the user sees the cursor and the one who actually wants to click.
The attacks evil cursor used by malicious "technical support" websites. They use this particular trick to keep users trapped on their sites - as victims cannot close tabs and pop-ups due to click and cursor mismatch.
Google has fixed some ways of attacking evil cursor in Chrome since 2010, and the most recent fix was in March 2019.
But Mozilla also fell victim to the attack. Prior to last week's update, browser developers fixed its last entry point for use evil cursor which existed since 2018
Mozilla has repaired this type of attack, which it monitors as CVE-2020-15654.