
XSS attack with javascript in img src attribute


Some older browsers are vulnerable to XSS attacks such as:

<img src="javascript:alert('yo')" />

Current versions of IE, FF, Chrome are not.

I am curious if any browsers are vulnerable to a similar attack:

<img src="somefile.js" />

or

<iframe src="somefile.js" />

or other similar where somefile.js contains some malicious script.


Solution

  • No. Image data is never executed as JavaScript. If the src is a JavaScript link, the JavaScript is executed, but the fundamental reading of data that comes from a request to the src does not involve JavaScript.
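
A defensive check that follows from the answer above, as an added example that is not part of the original question or answer: the risk lies in the scheme of the src value, not in the data fetched from it, so the value is parsed and only http(s) is allowed. The names isSafeImageSrc, resolveScheme, ALLOWED_SCHEMES and the base URL are assumptions made for illustration.

```javascript
// Added example: scheme allowlist for values destined for an <img src> attribute.
// All names and the base URL below are hypothetical, chosen for this illustration.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const BASE = "https://example.test/page/"; // constructed base for relative URLs

// Resolve the value the way a browser's URL parser would and return its
// scheme (e.g. "https:"), or null if it cannot be parsed at all.
// The WHATWG parser lowercases the scheme, trims leading/trailing spaces and
// drops tabs and newlines, so a plain string prefix test is not equivalent.
function resolveScheme(value, base = BASE) {
  try {
    return new URL(String(value), base).protocol;
  } catch {
    return null;
  }
}

// True only when the resolved scheme is on the allowlist.
// A relative path such as "somefile.js" resolves against the base to https:
// and is accepted: the response is decoded as image data, never run as script.
function isSafeImageSrc(value, base = BASE) {
  const scheme = resolveScheme(value, base);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample inputs: the two values from the question plus
// case and whitespace variants of the first one.
const SAMPLES = [
  "javascript:alert('yo')",
  "somefile.js",
  " JaVaScRiPt:alert('yo')",
  "java\tscript:alert('yo')",
  "/images/logo.png",
];

// Pair every sample with its resolved scheme and the allow/deny decision.
function classify(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s,
    scheme: resolveScheme(s),
    allowed: isSafeImageSrc(s),
  }));
}

for (const row of classify()) {
  console.log(JSON.stringify(row));
}
```

Apply the check when the attribute value is written into the page, and use an allowlist rather than a list of rejected schemes so that an unexpected scheme is denied by default.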