Reviewing FF46 stuff, I noticed a supposedly fixed security vulnerability: https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/ Sort of rang a bell, but didn't spot a thread more recent than a paper I found. In case it wasn't previously mentioned... TouchSignatures: Identification of User Touch Actions and PINs Based on Mobile Sensor Data via JavaScript https://arxiv.org/abs/1602.04115 Interesting, and a bit disturbing, how sensor data can be exploited. Hopefully, all [mobile] browsers and the specs are fixed by now or soon will be.
