Mozilla Products: Clickjacking through cursor invisibility after Flash interaction - mfsa2014-50 (Mac OS X)ID: oval:org.secpod.oval:def:19988 | Date: (C)2014-06-27 (M)2023-11-18 |
Class: PATCH | Family: macos |
Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded flash object when used outside of the object. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to clickjacking during interactions with HTML content subsequently. This issue only affects OS X and is not present on Windows or Linux systems.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |