I think if done smartly this can really mitigate a lot of these crappy attacks, such as: http://sourmath.com (EXPLICIT CONTENT) Sorry, took the url from another bug, not sure of another one. If a page attempts to move/resize the window 3 times within 3 seconds the page should be blacklisted. I think this can be combined with bug 61098, so that any one of the conditions will blacklist the site and lower its permissions so that it can't alert/prompt/confirm/showModalDialog or moveTo/moveBy/resizeTo/resizeBy/sizeToContent etc. Lastly, I know there's a pref for this, and it is in the ui, however: 1) The pref is enabled by default. 2) The ui isn't all that discoverable to the common user. 3) I can't think of a legit reason for a site to resize or move a window 3 times within 3 seconds!
Duping to bug 502561 as there's a better description and STR there.
Interesting idea to make the heuristic be based on the number of resizes. But I think that would have many of the same problems as the ideas in bug 29346 had for popups.