Firefox last week fixed a bug used by tech scammers to create artificial mouse pointers, preventing users from easily leaving malicious websites.
The bug was discovered to have been hacked online by British security firm Sophos and reported to Mozilla earlier this year.
What is an "evil cursor" attack?
A classic "evil cursor" attack works because modern browsers allow site owners to modify the appearance of the mouse cursor to users browsing their sites.
The function may seem useless, but usesται συχνά σε παιχνίδια που κυκλοφορούν σε προγράμματα περιήγησης, επαυξημένη πραγματικότητα του προγράμματος περιήγησης ή εμπειρίες εικονικής πραγματικότητας μέσω του προγράμματος περιήγησης. Ωστόσο, οι προσαρμοσμένοι δείκτες ποντικιών μπορεί να γίνει ένα σημαντικό problem in normal tissue.
Watch the video of Sophos
https://www.youtube.com/watch?v=7v8C_qZEXyQ
In attacks with evil cursor, malicious websites tamper with mouse pointer settings to modify where the actual cursor is visible on the screen and where the actual clickable area is.
For example, mouse cursors can be set to 256 pixels in width and height. An evil cursor attack is when a normal mouse cursor appears in the upper left corner, but the point to click is set to the lower right corner, creating a huge mismatch between where the mouse is looking at user the cursor and who wants to actually click.
Evil cursor attacks are used by malicious "technical support" sites. They use this particular trick to keep users trapped on their sites - as victims cannot close tabs and pop-ups due to click-cursor mismatch.
Η Google patched some paths of the evil cursor attack in Chrome since 2010, and the latest patch was March 2019.
But Mozilla also fell victim to the attack. Prior to last week's update, browser developers repaired its last entry point to use the 2018 evil cursor
Mozilla has repaired this type of attack, which it monitors as CVE-2020-15654.