Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

To highlight the ridiculousness of this vulnerability: you don't even need to use `fireEvent("onmousemove")` to gain access to this information. You can use events that have absolutely nothing to do with the mouse, such as onbounce* on a hidden <marquee> element (seriously).

* "Fires when the behavior property of the marquee object is set to "alternate" and the contents of the marquee reach one side of the window." -- http://msdn.microsoft.com/en-us/library/ie/ms536910(v=vs.85)...




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: