Firefox developers have fixed the "evil cursor" problem exploited by fake tech support scammers. The bug let attackers keep victims from easily leaving malicious sites. The vulnerability was fixed in Firefox 79.0.
The "evil cursor" problem was first discovered in Chrome and described back in 2010. In essence, such attacks are based on the fact that modern browsers allow site owners to change the appearance of the mouse cursor for their visitors. Most often this is used for browser games, as well as AR and VR, but such cursors can be a serious problem.
Typically, malicious sites configure the cursor so that the actual click lands somewhere other than where the cursor is drawn on the screen. For example, attackers create a 256×256 pixel cursor image: the victim sees a normal mouse pointer drawn in the upper left corner of this otherwise invisible square, while the click is registered in its lower right corner. As a result, the user tries to click on various interface elements, for example to close the tab of the fake technical support website, but nothing works, because the click actually lands far from where the pointer appears to be.
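As an added illustration (not from the article, nor from Sophos or Mozilla), the following JavaScript shows a defender-side heuristic for spotting the pattern just described: it parses a CSS `cursor` declaration, extracts the click hotspot, and flags a cursor whose image is unusually large or whose hotspot sits far from the image origin where a copied pointer glyph is normally drawn. The size thresholds and the `scanDocumentCursors` helper are assumptions for this example, not browser constants.

```javascript
// Parse a CSS cursor value such as "url(big.png) 255 255, auto".
// Returns { url, hotspotX, hotspotY } for the first url() entry, or null
// when only keyword cursors (default, pointer, ...) are used. When no
// hotspot is written, this example assumes the CSS default of 0 0.
function parseCursorDeclaration(value) {
  const m = /url\(\s*["']?([^"')]+)["']?\s*\)\s*(?:(-?\d+)\s+(-?\d+))?/.exec(value);
  if (!m) return null;
  return {
    url: m[1],
    hotspotX: m[2] === undefined ? 0 : parseInt(m[2], 10),
    hotspotY: m[3] === undefined ? 0 : parseInt(m[3], 10),
  };
}

// Heuristic: a custom cursor is suspicious when its image is much larger
// than a normal pointer, or when the hotspot is far from the top-left
// corner (the 256x256 case from the article has both properties).
// maxSize / maxHotspot are assumed thresholds chosen for this example.
function isEvilCursor(value, imageWidth, imageHeight,
                      { maxSize = 32, maxHotspot = 32 } = {}) {
  const c = parseCursorDeclaration(value);
  if (c === null) return false;
  const tooLarge = imageWidth > maxSize || imageHeight > maxSize;
  const hotspotFar = c.hotspotX > maxHotspot || c.hotspotY > maxHotspot;
  return tooLarge || hotspotFar;
}

// Browser-only helper (assumed, e.g. for an extension content script):
// walk the live document, load each custom cursor image to learn its real
// size, and collect the elements whose cursor trips the heuristic.
async function scanDocumentCursors(doc) {
  const findings = [];
  const win = doc.defaultView;
  for (const el of doc.querySelectorAll('*')) {
    const value = win.getComputedStyle(el).cursor;
    const c = parseCursorDeclaration(value);
    if (c === null) continue;
    const img = new win.Image();
    const size = await new Promise((resolve) => {
      img.onload = () => resolve({ w: img.naturalWidth, h: img.naturalHeight });
      img.onerror = () => resolve({ w: 0, h: 0 });
      img.src = c.url;
    });
    if (isEvilCursor(value, size.w, size.h)) {
      findings.push({ element: el, cursor: value, width: size.w, height: size.h });
    }
  }
  return findings;
}
```

`parseCursorDeclaration` and `isEvilCursor` run anywhere (Node included); only `scanDocumentCursors` needs a DOM.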
Chrome devs fixed this issue in their browser last year. At the time, the well-known information security expert Jérôme Segura illustrated the bug with a clear video.
– Jérôme Segura (@jeromesegura) September 14, 2018
Now the "evil cursor" problem has come back to Firefox. In 2018, Mozilla engineers had already fought this type of attack and released a patch for their browser. But recently, Sophos discovered that attackers had found a way around this fix and continued to use malicious cursors on fraudulent sites. According to the experts, the attackers deliberately created an infinite loop in the code of their sites to prevent the 2018 patch from being triggered.
As a result, Mozilla specialists fixed the problem again, and this time the vulnerability received the identifier CVE-2020-15654…