clickme4(HIDDEN) <- in fact you haven't clicked on the link named ClickMe3 but you have clicked on this link by a cursorjacking attack

Mozilla Firefox 35.0.1 for MAC OS X - CursorJacking/ClickJacking/Spoofing Vulnerability : invisible cursor using flash object and fullscreen mode.

When you click on a button into the flash object for go in fullscreen and click on a button for go out of the fullscreen mode (into the flash object in fullscreen), the cursor becomes totally invisible.

Steps :
1 - Click on the flash object for play the movie.
2 - When the movie start , click on the button into the flash object for go on the fullscreen mode.
3 - Into the flash object in fullscreen mode , click on the button for go out of the fullscreen mode ( if you press ESC , the bug can't work , so it is important to don't press ESC but only click on the button into the flash object which allows to quit the fullscreen mode ).
4 - Go with the cursor on the ClickMe1 link (move the cursor into the webpage some seconds) (the real cursor is now totally invisible and is replaced by a fake cursor which is at the same place than the real cursor), and after a click on the ClickMe1 link with the fake cursor,*¹ unfortunately the real cursor reappears.
5 - On the flash object you view appear a second link named ClickMe2 , click on this link. ( *² in fact, the real intention is that the user moves again the cursor into the flash object and click on the link named ClickMe3).
6 - *³ Now, go out of the flash object, the real cursor returned totally invisible again (and now there is a lag between the fake and the real cursor) and a third link named ClickMe3 appears (outside of the flash object) , *³ when you click on this link (with the fake cursor) infact you click on another link named clickme4 because there is a lag between the real hidden cursor and the fake visible cursor, after this click, the real cursor remains invisible and the invisibility is persistent. (*¹ contrary to step 4)

Result : The cursor is now totally invisible and the invisibility became persistent.
(*³ Even if you click on a link/button/addon window/Java Applet Window/Location Bar/WEBRTC_notification/ (etc) or any others elements inside or outside the webpage, the cursor remains invisible).
This vulnerability can be used for a ClickJacking/CursorJacking attack or others vulnerabilities like various types of Spoofing...).