IE 5.x security vulnerability - circumventing Cross-frame security policy by IMG SRC="javascript:..." and a design flaw in IE.
link Written by Georgi Guninski