The Web Applications Security mailing list has a pointer to a <a href="http://seclists.org/lists/webappsec/2004/Oct-
Dec/0427.html">paper which discusses "session riding", which appears
to amount to hijacking a user's access or data via methods such as
sending crafted instructions via html e-mail (when the user's e-mail
client loads the html, the exploit is executed).