Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...