The Mozilla Foundation Security Advisory describes this flaw as: If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.