IE 5.x security vulnerability - circumventing Cross-frame security policy by IMG SRC="javascript:..." and a design flaw in IE. link Written by Georgi Guninski