IE flaw allows attackers, advertisers to track cursor...

A software engineer from online analytics company Spider.io is claiming that a security flaw in Internet Explorer 6-10 could allow attackers or advertisers to track user's mouse movements, potentially compromising data entered via virtual keyboards.

Nick Johnson, who previously worked for Google before joining Spider.io, posted details of the flaw on the Bugtraq mailing list this morning.

"Internet Explorer's event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not. Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any web page (or in any iframe within any web page) to poll for the position of the mouse cursor anywhere on the screen and at any time — even when the tab containing the page is not active, or when the Internet Explorer window is unfocused or minimized."
Click to expand...

Read more at source:
IE flaw allows attackers, advertisers to track cursor movement | ZDNet
 
Click to expand...
It's CRITICAL!
Flaw makes attackers and advertisers able to track cursor? That isn't a safe computing.
MS must respond to this flaw.
 

My Computer

System One

  • OS
    Windows 10 Pro x64
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo Y520
    CPU
    Intel Core i5 7300HQ
    Motherboard
    OEM Lenovo
    Memory
    4GB DDR4-2400
    Graphics Card(s)
    NVIDIA GeForce GTX 1050
    Sound Card
    Realtek HD
    Monitor(s) Displays
    1 (2)
    Screen Resolution
    1920x1080
    Hard Drives
    Seagate 1TB 5400 RPM
    Keyboard
    OEM Lenovo
    Mouse
    Logitech G502 Proteus Core
    Internet Speed
    100 Mbps
    Browser
    Google Chrome
    Other Info
    PC:

    AMD Athlon X4 760K
    8GB DDR3-1866
    AMD Radeon RX 460
    Seagate 500 GB 7200 RPM
MrShowdown said:
It's CRITICAL!
Flaw makes attackers and advertisers able to track cursor? That isn't a safe computing.
MS must respond to this flaw.
Click to expand...
if its true which I doubt and also the word "could" not "will" is in the article
if its been around since ie6 im sure we would have been attacked by now don't you
just scare mongering
 

My Computer

System One

  • OS
    win 8.1 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Acer
    CPU
    x9100(@3.6gig)
    Motherboard
    8930g
    Memory
    6gb ddr3
    Graphics Card(s)
    nvidia
    Sound Card
    realtek 5.1
    Monitor(s) Displays
    18.2in
    Screen Resolution
    1920 × 1080 full HD
    Hard Drives
    240gig SSD
    500gig HDD
    Internet Speed
    152mb cable
    Browser
    IE11
    Antivirus
    defender

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
You must log in or register to reply here.
Back
Top