The Tech Report reports web analytics firm Spider.io discovered that all versions of Internet Explorer from 6.0 suffer from a vulnerability that enables a website to track mouse movements across the screen, even when they occur outside the browser. The flaw was reported to Microsoft in October, but the Microsoft Security Research Center has said there are no immediate plans to patch the bug.
As Wired points out, the exploit could be used to gather online banking log-ins, since some banking sites use on-screen keypads in an attempt to thwart keyloggers. Simply tracking cursor movements may not be a huge help, of course—to do any real damage, you'd probably need other malware to relay what's being displayed on the screen. Still, it would be nice if IE wasn't a potential participant in that kind of thing. Here's hoping Microsoft addresses the issue sooner rather than later.