Firefox last week fixed a bug that was being used by tech support scammers to create artificial mouse pointers preventing users to easily leave malicious websites.
The bug was discovered to be exploited online by the British company better safetys Sophos and was reported to Mozilla earlier this year.
What is an "evil cursor" attack?
A classic "evil cursor" attack works because modern programs browsing allow site owners to modify the appearance of the mouse cursor to users browsing their sites.
The feature may seem useless, but it is often used in browser games, browser augmented reality, or virtual reality experiences through the browser. However, custom mouse pointers can become a major problem in normal tissue.
Watch the video of Sophos
https://www.youtube.com/watch?v=7v8C_qZEXyQ
In evil cursor attacks, malicious websites tamper with mouse pointer settings to modify where the actual cursor is visible on the screen and where the real area to click.
For example, mouse cursors can be set to 256 pixels in width and height. An evil cursor attack is when a normal mouse cursor appears in the upper left corner, but the click point is defined in the lower right corner, creating a huge discrepancy between the point where the user sees the cursor and wants to actually click .
Evil cursor attacks are used by malicious "technical support" sites. They use this particular trick to keep users trapped on their sites - as victims cannot close tabs and pop-ups due to click-cursor mismatch.
Google has been repairing some ways of the evil cursor attack on Chrome since 2010, and the most recent fix was in March 2019.
But Mozilla also fell victim to the attack. Prior to last week's update, browser developers repaired its last entry point to use the 2018 evil cursor
Mozilla has repaired this type of attack, which it monitors as CVE-2020-15654.