firefox is vulnerable to clickjacking. An attacker can position a custom cursor over the address bar to spoof the actual cursor to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox < 67.