To highlight the ridiculousness of this vulnerability: you don't even need to use `fireEvent("onmousemove")` to gain access to this information. You can use events that have absolutely nothing to do with the mouse, such as onbounce* on a hidden <marquee> element (seriously).
* "Fires when the behavior property of the marquee object is set to "alternate" and the contents of the marquee reach one side of the window." -- http://msdn.microsoft.com/en-us/library/ie/ms536910(v=vs.85)...