Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area.
This is now public:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1164 https://rhn.redhat.com/errata/RHSA-2011-1164.html