-moz-binding: CSS allows to bind XBL with element and XBL may contains scripts. It may lead to crossite sripting within e.g. webmail.
vulners.com/securityvulns/securityvulns:doc:11222