User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 Build Identifier: Websites can take control of a user's audio output device without permission, or warning towards the users. If the website offers no audio controls the user has no choice but to disable all output from the device or to leave the page. This feature can be exploited for intrusive adverisements, just like windows could once pop-up out of nowhere before Firefox was fitted with a pop-up blocker. The audio output can interfere with the output from other applications and even mimic their sounds which could possibly be used for phishing purposes since the user cannot tell from which application, or page the sound originated. Although there are currently not yet any examples of these practices it would be best to avoid them. This feature also breaks in multi-tasking environments, in the current situation Firefox will play the audio from one page, other pages with embedded audio that are opened in other tabs or windows will not play at all. Unexpected and unwanted audio can also be a problem for people using a speech synthesizer to read the pages for them. A possible solution for this problem would be to display a notification bar as used by the pop-up blocker which asks the user to inform the user that the website wants to play an audio file and asks for it's permission. Pages should not be allowed to access the audio output device when they are out of focus, unless given explicit permission by the user to do so. This could be done in the form a contextual menu. Reproducible: Always Steps to Reproduce: Visit any page that contains a code that will play audio automatically, for example: <embed src="BigChurchOrgan.mp3" type="audio/x-mp3" loop="true" autostart="true"></embed>
Due to a bug/feature in Windows Vista's speech recognition remote websites can now use Firefox's audio playback capabilities to execute commands on the computer of any visitor that visits a page while the speech recognition software is active. More details can be found here: http://blogs.zdnet.com/Ou/?p=418
Re-summarizing wrt Comment 0.