Click1

                                                                                                                                                  Click2

MaliciousLink -> in fact you haven't clicked on the Download Dialog but you have clicked in this place of this malicious Webpage using a CursorJacking/ClickJacking vulnerability on Mozilla Firefox (v44.0.2 & others...), when you click on a link with the href attribute you can click on every element into the webpage or outside the firefox window.

Mozilla Firefox 44 for MAC OS X Yosemite - CursorJacking/ClickJacking/Spoofing Vulnerability : invisible cursor using flash object in fullscreen mode.

When you click on a button into the flash object for go in fullscreen and click on the button into this flash object to go out of fullscreen mode, the cursor becomes totally invisible.

Steps :
1 - Click on the flash object for play the movie.
2 - When the movie start , click on the button into the flash object for go on the fullscreen mode.
3 - Into the flash object in fullscreen mode , click on the button for go out of the fullscreen mode and click on the link which appears.


Result :
The cursor is now totally invisible and the invisibility is persistent.
[* This Cursorjacking or Cursor ClickJacking vulnerability can be used to make a Cursor Clickjacking attack when
you click on a link with the href attribute the cursor becomes allways invisible even if you click on others
HTML content, a Java Applet Window, a Firefox Addon, or others elements inside or outside the WebPage or the Firefox window
(All notifications like the WebRTC notification don't need to click on a link with a href attribute).
The cursor remains invisible even if you click on others elements.]