I hope they fix this one soon.

Paul has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct sophisticated cross-site scripting attacks against any web site. Please see the test below for an example of how this vulnerability can be exploited.

[ Secunia - Internet Explorer Cross-Site Scripting Vulnerability Test ]

I set all of my ActiveX, signed or not, approved or not, to prompt and this fixes that problem, however it then breaks my gmail. (Of course I then just “trusted” gmail, hope they don't abuse that trust...)