is the Koto's Cursorjacking attack protection automatic? if so, the protection doesn't work here.
if protection not automatic, how do i turn it on? let me know please.
in testing, getting cursorjacked to death here!
Koto's Cursorjacking attack protection?
-
jacked4life
Koto's Cursorjacking attack protection?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Re: Koto's Cursorjacking attack protection?
Yes.
Where is "here"?
What version of NoScript are you running?
ClearClick is enabled (Options | Embeddings -> ClearClick)?
Where is "here"?
What version of NoScript are you running?
ClearClick is enabled (Options | Embeddings -> ClearClick)?
v 2.2.8rc1
==========================================================================
x [ClearClick] Protection against Koto's Cursorjacking technique disclosed
at http://blog.kotowicz.net/2012/01/cursor ... again.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:11.0a2) Gecko/20120126 Firefox/11.0a2 SeaMonkey/2.8a2
-
jacked4life
Re: Koto's Cursorjacking attack protection?
@therube, here is the universe of computers to which my comments pertain.
running the latest release and some of the latest rc as well.
"ClearClick" was and is enabled.
Cursorjacking protection seems a failure here, presently; something I thought I should report. (Fake cursor, hidden/offset real functioning cursor, no warning, etc.)
running the latest release and some of the latest rc as well.
"ClearClick" was and is enabled.
Cursorjacking protection seems a failure here, presently; something I thought I should report. (Fake cursor, hidden/offset real functioning cursor, no warning, etc.)
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Re: Koto's Cursorjacking attack protection?
OK, it does look like it will need some reworking ...
Let me see ...
ClearClick enabled
initially, github.com NOT allowed, I can seem to click to my hearts content
Allow github.com, so long as I stay at YES|NO, all is well
but if I move (much) away from there (note that the window "viewport", scrollbars change), at that point, once I move back to YES|NO, (at some point) I will be jacked & in particular if the mouse cursor is moved down below the browser window (like to the OS's taskbar). once jacked, you are very easily jacked again. a force refresh of the page does not seem to help. a Forbid followed by Allow again seems to get things working, but again, so long as you remain on the YES|NO.
Running 2.2.9rc1 here, in case its a regression, though I have not checked.
Let me see ...
ClearClick enabled
initially, github.com NOT allowed, I can seem to click to my hearts content
Allow github.com, so long as I stay at YES|NO, all is well
but if I move (much) away from there (note that the window "viewport", scrollbars change), at that point, once I move back to YES|NO, (at some point) I will be jacked & in particular if the mouse cursor is moved down below the browser window (like to the OS's taskbar). once jacked, you are very easily jacked again. a force refresh of the page does not seem to help. a Forbid followed by Allow again seems to get things working, but again, so long as you remain on the YES|NO.
Running 2.2.9rc1 here, in case its a regression, though I have not checked.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0