MSIE can be made to crash with a NULL ptr Read AV by executing a very small piece of JavaScript. This affects MSIE 6.0, 7.0 and 8.0 beta2. It should be fixed in 8.0 rc1.

The following HTML triggers the issue:

<BODY onload=screen[""]>

I am amazed that a bug that is so simple to trigger has apparently gone unnoticed for years.