Wednesday, January 5, 2011

NAT Pinning Security Concerns

An old attack method, first published in 2001, is now gaining more notoriety with the adoption of HTML 5. The method was dubbed "The HTML Form Protocol Attack", or Cross Protocol Scripting. Some of the vulnerabilities described in the paper have been addressed by the browser makers themselves, but others are still open.
 
The premise of the vulnerability is that a hidden form on a web page can trick a browser into communicating on a port that is not a standard web port (e.g. those used by SMTP, POP, NNTP). Spammers, for instance, can use this by setting up a page with a hidden form that submits a request to a mail server, turning your client into a spam bot.
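To make the premise concrete from the defender's side, here is an added example (not from the original paper or any browser's code) that audits a page's HTML for forms whose action resolves to one of the service ports named above. The function names, the sample page and the hostnames are constructed for illustration; the port numbers are the well-known ports for SMTP, POP3 and NNTP.

```javascript
// Well-known ports for the protocols the post names (assumed audit list).
const NON_HTTP_PORTS = new Map([[25, "SMTP"], [110, "POP3"], [119, "NNTP"]]);

// Extract one attribute value from a tag's source text (quoted or bare).
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return one finding per <form> whose resolved action URL uses a listed port.
function findCrossProtocolForms(html, pageUrl) {
  const findings = [];
  for (const [tag] of html.matchAll(/<form\b[^>]*>/gi)) {
    const action = attr(tag, "action");
    if (action === null) continue; // no action: submits to the page's own URL
    let target;
    try {
      target = new URL(action, pageUrl); // resolves relative and //host actions
    } catch {
      continue; // unparseable action, nothing to resolve
    }
    if (!/^https?:$/.test(target.protocol)) continue;
    const port = Number(target.port); // "" (scheme default port) becomes 0
    if (NON_HTTP_PORTS.has(port)) {
      findings.push({ host: target.hostname, port, service: NON_HTTP_PORTS.get(port) });
    }
  }
  return findings;
}

// Constructed sample page: one ordinary form, one hidden form aimed at a mail port.
const SAMPLE_HTML = `
<form action="/search" method="get"><input name="q"></form>
<form action="http://mail.example.test:25/" method="post" style="display:none">
  <textarea name="body"></textarea>
</form>`;

console.log(findCrossProtocolForms(SAMPLE_HTML, "http://site.example.test/index.html"));
```

A check like this fits in a content filter or a crawler that reviews user-supplied HTML; it only sees forms present in the markup, not ones a script builds at run time.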