Firefox built-in protection against allowing dragged non-image files can be bypassed when an executable is passed with a content-type of image/gif. Tested with Firefox 1.0 and Mozilla 1.7.5.
89c610f95e5084fbbd9fffd302c959d26a3a3d494bde761f4320c56b831760b3