According to this article in Infoworld, Security Expert Georgi Guninski has discovered a bug which can compromise the security of a machine, even if it is behind a firewall through the use of malicious JavaScript code in a web page.

Microsoft's recommendation is that Active Scripting be disabled on 5.0 versions of Internet Explorer to eliminate the possibility of this expliot until a patch can be developed.

Additionally, BugNet reports that a rendering bug in IE5 can result in corrupted tags which, while not ruining them for general web use, will render them unusable by XML parsers.

See http://www.infoworld.com/cgi-bin/displayStory.pl?990929.eciewoes.htm for more information.