When we talk about the security of a system or an application, it is rarely mentioned that what we are really talking about is risk and how to minimize it: the lower the risk that a system will be compromised, the more secure we consider it and, therefore, the greater the confidence we have in that system or application.
Considering the hours we can spend surfing the net, security is a fundamental aspect of our browser since, apart from giving us access to our e-mail, it also opens the doors to our corporate applications or online banking. Many web applications, to defeat keyloggers installed on users' computers, offer virtual keyboards on which we click. However, the company Spider.io seems to have found a vulnerability in all versions of Internet Explorer that would allow a third party to monitor a user's mouse movements, which could entail risks for users of virtual keyboards.
Put another way, this vulnerability (which reportedly has been tested on Internet Explorer 6 through 10) would allow a third party to obtain information about our mouse movements, even when the browser window is minimized. The vulnerability is linked to one of the functions used by web analytics applications (precisely the business Spider.io is in), since they capture information about the user's mouse movements to draw heat maps of the most visited areas and thus propose a redesign or reorganization of the information. In this case, it could be exploited by inserting a "malicious ad" on any website to hide code that exploits the vulnerability.
And how does this affect the user? Carrying out this monitoring on a page that presents the user with a virtual keyboard (such as those offered by some online banking services) may pose a risk of login credentials being captured. This scenario is rather complex, however, since, as additional security, many banks shuffle the key layout of these virtual keyboards so that positions cannot be recorded and, of course, the third party collecting the data would need to know which page you are visiting.
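The layout shuffling mentioned above, sketched as an added JavaScript example (not code from Spider.io, Microsoft or any bank; all function names are hypothetical). It assumes the page draws the digits in a fresh random order per session and reports only which slot was clicked, so recorded pointer positions do not map to digits without that session's layout.

```javascript
// Added example: per-session shuffled PIN pad. All names here are hypothetical.
// Simplification: a click is reported as a slot index (0-9), not pixel coordinates.
const STANDARD = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];

// Unbiased integer in [0, n) from the Web Crypto API (rejection sampling, n <= 256).
function secureRand(n) {
  const buf = new Uint8Array(1);
  const limit = 256 - (256 % n);
  do {
    globalThis.crypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Fisher-Yates shuffle. layout[slot] is the digit drawn at that screen slot.
function newLayout(rand = secureRand) {
  const layout = STANDARD.slice();
  for (let i = layout.length - 1; i > 0; i--) {
    const j = rand(i + 1);
    [layout[i], layout[j]] = [layout[j], layout[i]];
  }
  return layout;
}

// What the user's pointer does: the slots clicked to enter `pin` on this layout.
function slotsFor(pin, layout) {
  return [...pin].map((digit) => {
    const slot = layout.indexOf(digit);
    if (slot < 0) throw new RangeError(`not a digit: ${digit}`);
    return slot;
  });
}

// Server side: turn clicked slots back into digits using the session's layout.
function decode(slots, layout) {
  return slots.map((slot) => {
    if (!Number.isInteger(slot) || slot < 0 || slot >= layout.length) {
      throw new RangeError(`bad slot: ${slot}`);
    }
    return layout[slot];
  }).join('');
}
```

The same recorded slots decode to the entered PIN only with the session's own layout; read against the fixed `STANDARD` order they generally give different digits.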
Although the risk is relative, it seems that Microsoft has not done much to minimize it: Spider.io reported its finding last October and Redmond has not fixed it, so, to push them a bit, they have decided to make the flaw public with the idea of forcing a reaction in the ranks of Microsoft.