mouse pointer stuck in browser sandbox window

GSO gsowww at yahoo.co.uk
Thu Jun 2 16:08:07 UTC 2011


The executive summary is that I seem to be experiencing browser hacking even
with a completely locked down install (i.e., shouldn't be any malware
involved) and an encrypted VPN - in the first instance the X mouse pointer
was periodically getting stuck in a firefox sandbox (duly described over on
the Fedora Security forum
http://forums.fedoraforum.org/showthread.php?t=263947 - in a nutshell though
the mouse pointer will not cross the window border to the desktop; Alt+Tab
to cycle windows also fails, the only way out is to switch into another
virtual terminal).  Firefox also intermittently shows other signs of being
hacked - flash video crashing the player when it was previously working fine
- BBC iPlayer being one such site, the mouse pointer disappearing hovering
over links, etc.  For anyone with their Sherlock hats on the details are as
follows:

- I know for sure that I do have a MITM hacker - if I surf without
encrypting the Internet connection very quickly invalid site SSL certificate
errors follow and pages are rewritten.  With iVPN (http://ivpn.net) at least
(and probably the other VPNs if their procedures for setting the openvpn
passphrase/cert were as bulletproof as iVPN's) the only problem I have is
with the SELinux sandbox and firefox.  Also it is more than a coincidence
that as I write this email this hack occurs (the mouse is locked into the
sandbox window at this moment), or likewise when I post to the unix.com or
fedora security forums (having worked fine all day otherwise).

- It looks like there possibly is a correlation between entering text into a
textbox and this happening, mostly after I have posted the text to the
Internet, but sometimes as I am typing.  The mouse will sometimes and
somewhat less frequently unlock itself from the sandbox (i.e., the pointer
can freely move around the desktop again).  (Something also that might be
related and that has just started today, the mouse pointer vanishes when
over a button or link - but not in all sandbox windows, just the odd one.)

- I've done my damnedest to rule out any kind of malware on the install
(ref. link above to the fedora forum post).

- The same problem occurs with metacity and openbox window managers, the
former both as the X wm and sandbox '-W' wm.

- I will at some point do a backup and run the browser out of the sandbox,
I've a feeling that whatever this is allows this hacker into root and to
trash the install.

- I will at some point rule an openvpn bug out by trying an L2TP connection.

- Any malicious code surely has to run through the browser, chromium
unfortunately will not run in a default sandbox so I can't at the moment
compare the security of this browser.

- I'm working on the basis at the moment that local crime -- this is very
much a local crime problem -- can 'see' my browser, but it could equally be
a TEMPEST problem as a browser hack (I will make some checks on the former
sometime, but I can't be absolutely conclusive on this).

Not being a network engineer I can't really go much further than the above -
I have some long dead Netware skills but otherwise was essentially trained
as a programmer.


G.