Endpoint Vulnerability

Cursor clickjacking with flash and images

Description

Security researcher Jordi Chancel reported a mechanism that made cursor invisible through flash content and then replaced it through the layering of HTML content. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to clickjacking during subsequent interactions with HTML content.

Affected Products

Firefox

References

CVE-2015-0810,