Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are made in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the browser, resulting in a persistent denial of service attack. This can also be used for spoofing and clickjacking attacks against the browser UI.
Name: the Mozilla project
Upstream: sushi Anton Larsson
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2016:1217 https://access.redhat.com/errata/RHSA-2016:1217