mozilla -- scripting vulnerabilities

Several scripting vulnerabilities were discovered and
corrected in Mozilla:

CVE-2004-0905

javascript; links dragged onto another frame or
page allows an attacker to steal or modify sensitive
information from other sites. The user could be convinced
to drag obscurred links in the context of a game or even a
fake scrollbar. If the user could be convinced to drag two
links in sequence into a separate window (not frame) the
attacker would be able to run arbitrary programs.

CVE-2004-0908

Untrusted javascript code can read and write to the
clipboard, stealing any sensitive data the user might
have copied. Workaround: disable
javascript

CVE-2004-0909

Signed scripts requesting enhanced abilities could
construct the request in a way that led to a confusing
grant dialog, possibly fooling the user into thinking
the privilege requested was inconsequential while
actually obtaining explicit permission to run and
install software. Workaround: Never
grant enhanced abilities of any kind to untrusted web
pages.