Mozilla Firefox 3.0.5 allows remote attackers to trick a user into
visiting an arbitrary URL via an onclick action that moves a crafted
element to the current mouse position, related to a "Status Bar
Obfuscation" and "Clickjacking" attack.
Still not fixed in 3.5.2
(In reply to comment #1)
> Still not fixed in 3.5.2
Readd us if needed appears to be fixed in current firefox.