Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the browser, resulting in a persistent denial of service attack. This can also be used for spoofing and clickjacking attacks against the browser UI.

External Reference:

https://www.mozilla.org/security/announce/2016/mfsa2016-58.html

Acknowledgements:

Name: the Mozilla project
Upstream: sushi Anton Larsson

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2016:1217 https://access.redhat.com/errata/RHSA-2016:1217