Internet Explorer doesn't block malicious Web sites from inserting "arbitrary content" in an arbitrary frame in a browser window, the Danish security firm says. Secunia says the malicious content will appear as if it originated from a trusted site, which is an attack commonly known as spoofing.
Secunia says it has verified the flaw in "a fully patched Internet Explorer 6 running on Microsoft Windows XP" and that other versions of Internet Explorer could also be affected by this vulnerability.
Secunia's only advice is that Internet Explorer users not visit untrusted Web sites or select a different browser.
Microsoft was not immediately available for comment.