Internet Explorer can track your mouse anywhere on the scree,even when you aren’t browsing
A new Internet Explorer vulnerability has been discovered that allows an attacker to track your mouse cursor anywhere on the screen, even if the browser is minimized. All supported versions of Microsoft’s browser are reportedly affected: IE6, IE7, IE8, IE9, and IE10.
Explorer can track your mouse movements anywhere on the screen,even if the Internet Explorer window is minimized. The vulnerability is particularly troubling because it compromises the security of virtual keyboards and virtual keypads.. And Microsoft, which was informed of the massive potential security hole over two months ago, has no plans to fix it. Which means that as you explore the web, the web can explore you right back.
Internet Explorer’s event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not. Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any webpage (or in any iframe within any webpage) to poll for the position of the mouse cursor anywhere on the screen and at any time—even when the tab containing the page is not active, or when the Internet Explorer window is unfocused or minimized. The fireEvent() method also exposes the status of the control, shift and alt keys.
Affected properties of the Event object
are altKey, altLeft, clientX, clientY, ctrlKey, ctrlLeft, offsetX,
offsetY, screenX, screenY, shiftKey, shiftLeft, x and y.
Post a Comment
I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know. Be sure to check back again , after moderation i do make every effort to reply to your comments .