Hacker News new | comments | ask | show | jobs | submit login

To highlight the ridiculousness of this vulnerability: you don't even need to use `fireEvent("onmousemove")` to gain access to this information. You can use events that have absolutely nothing to do with the mouse, such as onbounce* on a hidden <marquee> element (seriously).

* "Fires when the behavior property of the marquee object is set to "alternate" and the contents of the marquee reach one side of the window." -- http://msdn.microsoft.com/en-us/library/ie/ms536910(v=vs.85)...

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact