Some older browsers are vulnerable to XSS attacks as such

<img src="javascript:alert('yo')" />

Current versions of IE, FF, Chrome are not.

I am curious if any browsers are vulnerable to a similar attack:

<img src="somefile.js" />

or

<iframe src="somefile.js" />

or other similar where somefile.js contains some malicious script.

No. Image data is never executed as JavaScript. The if the src is a JavaScript link, the JavaScript is executed, but the fundamental reading of data that comes from a request to the src does not involve JavaScript.

All major browsers are still vulnerable to these attacks. Tons of ways of using img tags are still around.. For example...

<img src='#' onerror=alert(1) />

Look for RSnake's xss cheatsheet, those are just some vectors. By the way, I've heard he's coming up with a new version of his cheatsheet soon.

here you can find some XSS attacking vector http://ha.ckers.org/xss.html