On May 13, 2011, at 12:46 AM, Henri Sivonen wrote:

> On Thu, 2011-05-12 at 20:29 -0400, Aryeh Gregor wrote:
>> In
>> particular, Flash has allowed this for years, with 95%+ penetration
>> rates, so we should already have a good idea of how this feature can
>> be exploited in practice.
>
> I don't know of exploits in the wild, but I've read about
> proof-of-concept exploits that overwhelmed the user's attention visually
> so that the user didn't notice the "Press ESC to exit full screen"
> message. This allowed subsequent UI spoofing. (I was unable to find the
> citation for this.)
>

Maybe you were thinking of this: http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/.
eric