[pdjstone]

Here's some stuff you used to be able to do by combining UI-redressing (clickjacking) with cross-origin drag and drop.

https://www.contextis.com/media/downloads/Context-Clickjacki...

There have also been plenty of UXSS bugs in various browsers caused by cross-origin drag-and-drop.