Mozilla Foundation Security Advisory 2005-45
Title: Content-generated event vulnerabilities
Severity: High
Reporter: Omar Khan, Jochen, shutdown, Matthew Mastracci
Products: Firefox, Mozilla Suite
Fixed in: Firefox 1.0.5
Mozilla Suite 1.7.9
Description
In several places the browser UI did not correctly distinguish between true
user events, such as mouse clicks or keystrokes, and synthetic events
genenerated by web content. The problems ranged from minor annoyances like
switching tabs or entering full-screen mode, to a variant on MFSA 2005-34
Synthetic events are now prevented from reaching the browser UI entirely
rather than depend on each potentially spoofed function to protect
itself from untrusted events.
Workaround
Disable JavaScript.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=289940