Endpoint Vulnerability

Clickjacking through cursor invisibility after Flash interaction

Description

Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded flash object when used outside of the object. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to clickjacking during interactions with HTML content subsequently. This issue only affects OS X and is not present on Windows or Linux systems.

Affected Products

Firefox

References

CVE-2014-1539,