A web site that uses frames is potentially exposed to several vulnerabilities, such as XSS, XFS (cross-frame scripting) and CSRF. XFS should be checked as part of an ethical hack of the web application. The main threat of XFS is that it can be used in a phishing attack to steal user credentials. In this case, the malicious phishing site frames a section of the legitimate web site, such as a login web page, and executes a malicious script for a trojan such as a key logger. The malicious frame can be injected via an XSS vulnerability and execute in the context of the legitimate frame.
Unfortunately, in early versions of the IE browser (IE 5.5 and 6.x) this XFS browser control can be bypassed, leading to a well-known vulnerability, Cross Frame Scripting Bypass: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=77. If your web application uses frames and a user accesses your site via a vulnerable IE browser, that user is exposed to phishing attacks that exploit this vulnerability. An example of how this XFS vulnerability is exposed by IE 6.x (it will not work on IE7), and how it can be used to execute a keylogger and display the user's keystrokes in the status bar, is referenced here: http://www.millersmiles.co.uk/identitytheft/cssb.html
The countermeasure for this browser vulnerability is to use a browser that is not vulnerable to the XFS control bypass, such as IE 7. Also, for Internet Explorer versions 6 and 7, inform the user of the browser setting "Navigate sub-frames across different domains": setting it to "Prompt" or "Disable" protects the computer against cross-frame scripting attacks.
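// Frame-busting check: if this page has been loaded inside a frame, reload it as the top-level page.
if (top != self) top.location = self.location;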
In summary, you are much better off security-wise not using frames and iframes in your web application. Where possible, avoid using frames at least in all web pages that handle sensitive information (e.g. login web pages).
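Where a sensitive page must not be framed at all, the server can say so in its response headers, which goes beyond the browser settings and script discussed above. The following is an added example, not part of the original article: it audits response headers for the standard X-Frame-Options header and CSP frame-ancestors directive (neither is mentioned in the article), and the function names, paths and sample headers are constructed.

```javascript
// Added example: classify how a response restricts framing, from its headers.
// X-Frame-Options and CSP frame-ancestors are standard; the function names,
// paths and sample headers are constructed for illustration.

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// headers: plain object of response headers. Returns 'blocked' (no framing),
// 'same-origin', 'allowlist' (named origins only) or 'frameable' (any site).
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // A browser that supports frame-ancestors enforces it over X-Frame-Options.
  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    const only = sources.length === 1 ? sources[0].toLowerCase() : null;
    if (sources.length === 0 || only === "'none'") return 'blocked';
    if (only === "'self'") return 'same-origin';
    // "*" or a bare scheme such as "https:" admits arbitrary sites.
    const open = sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(s));
    return open ? 'frameable' : 'allowlist';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'frameable'; // header missing or value not recognised
}

// Constructed sample responses for a hypothetical application.
const samples = {
  '/login': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  '/account': { 'X-Frame-Options': 'SAMEORIGIN' },
  '/help': { 'Content-Type': 'text/html' },
  '/widget': { 'content-security-policy': 'frame-ancestors https://partner.example' },
};

// Paths that any other site could still load inside a frame.
function frameablePaths(responses) {
  return Object.keys(responses).filter((p) => framingPolicy(responses[p]) === 'frameable');
}

console.log(frameablePaths(samples));
```

Any path this check reports as frameable and that handles credentials is a candidate for one of the two headers; the one-line script shown earlier only helps when JavaScript runs in the framed page.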