Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7313
http://www.systemintegra.com/ie-fullscreen/
http://www.kb.cert.org/vuls/id/490708
http://www.guninski.com/popspoof.html
http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/