Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).
https://exchange.xforce.ibmcloud.com/vulnerabilities/21553
http://archives.neohapsis.com/archives/bugtraq/2005-07/0434.html