Koto's Cursorjacking attack protection?

Posted: Fri Jan 27, 2012 2:36 pm
by jacked4life
Is the Koto's Cursorjacking attack protection automatic? If so, the protection doesn't work here.

If protection is not automatic, how do I turn it on? Let me know please.

In testing, getting cursorjacked to death here!

Re: Koto's Cursorjacking attack protection?

Posted: Fri Jan 27, 2012 3:08 pm
by therube
Yes.

Where is "here"?

What version of NoScript are you running?

ClearClick is enabled (Options | Embeddings -> ClearClick)?
v 2.2.8rc1
==========================================================================
x [ClearClick] Protection against Koto's Cursorjacking technique disclosed
at http://blog.kotowicz.net/2012/01/cursor ... again.html

Re: Koto's Cursorjacking attack protection?

Posted: Fri Jan 27, 2012 6:51 pm
by jacked4life
@therube, here is the universe of computers to which my comments pertain.

Running the latest release and some of the latest rc as well.

"ClearClick" was and is enabled.

Cursorjacking protection seems a failure here, presently; something I thought I should report. (Fake cursor, hidden/offset real functioning cursor, no warning, etc.)

Re: Koto's Cursorjacking attack protection?

Posted: Fri Jan 27, 2012 6:58 pm
by therube
OK, it does look like it will need some reworking ...

Let me see ...

ClearClick enabled

Initially, github.com NOT allowed, I can seem to click to my heart's content.

Allow github.com, so long as I stay at YES|NO, all is well.

But if I move (much) away from there (note that the window "viewport", scrollbars change), at that point, once I move back to YES|NO, (at some point) I will be jacked, and in particular if the mouse cursor is moved down below the browser window (like to the OS's taskbar). Once jacked, you are very easily jacked again. A force refresh of the page does not seem to help. A Forbid followed by Allow again seems to get things working, but again, so long as you remain on the YES|NO.

Running 2.2.9rc1 here, in case it's a regression, though I have not checked.