CVE-2009-0253 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0253): Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
Still not fixed in 3.5.2
(In reply to comment #1) > Still not fixed in 3.5.2 > Readd us if needed appears to be fixed in current firefox.