Phishy URLs


Ice Czar
04-13-2006, 10:41 PM
The moderately critical Internet Explorer bug listed on Secunia (http://secunia.com/advisories/19521/) earlier this month was not one of the flaws addressed in the latest patch cycle. It allows spoofing of the URL listed in the browser, and example exploit code is available on the net. A test (http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/) to verify susceptibility has been constructed. A temporary workaround is to disable Active Scripting support.

"The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (March edition). Other versions may also be affected."

Source: PC Mag Security Watch (http://www.pcmag.com/article2/0,1895,1947972,00.asp)

zekrahminator
04-13-2006, 10:52 PM
For half a second Firefox was vulnerable... and then I was safe :D

Ice Czar
04-13-2006, 11:04 PM
Out of idle curiosity I tried it on Firefox too :p
Of course I couldn't get it to work at all since I have the NoScript extension (https://addons.mozilla.org/firefox/722/)
I declined to write a rule just so I could test an exploit I knew wouldn't work in the first place

I have written a tutorial on how to "secure" IE in three easy steps

1. copy this text into a notepad and save it as noaccess.rat
and save it in WINNT\system32 (W2K) WINDOWS\system32 (XP)


((PICS-version 1.0)
(rating-system "http://www.microsoft.com")
(rating-service "http://www.microsoft.com")
(name "Noaccess")
(description "This file will block all sites.")

(category
(transmit-as "m")
(name "Yes")
(label
(name "Level 0: No Setting")
(description "No Setting")
(value 0) )
(label
(name "Level 1: No Setting")
(description "No Setting")
(value 1) ) ))


2. Open IE > Tools > Internet Options > Content > Enable > General tab > Rating Systems > delete all > add > noaccess.rat > OK > Approved Sites Tab > add

http://technet.microsoft.com/
http://update.microsoft.com
http://support.microsoft.com/
http://www.microsoft.com/windows2000
http://www.microsoft.com/windowsxp/

clicking "always" after each > General Tab > User Options > Check Supervisor can type password to allow users to view restricted content > uncheck Users can see sites that have no rating > set password

3. Install Firefox with the NoScript extension or Opera

IE is now secured :p
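
Added example (not part of the thread and not written by its posters): a small Python check that the noaccess.rat text from step 1 survived copy and paste with its parentheses and quotes intact, and that lists the category and values the file defines. It handles only the parenthesised syntax visible in the post; the function names are made up for this example.

```python
import re

# Rating file from step 1 of the post, whitespace reflowed, embedded to run offline.
NOACCESS_RAT = """((PICS-version 1.0)
(rating-system "http://www.microsoft.com")
(rating-service "http://www.microsoft.com")
(name "Noaccess")
(description "This file will block all sites.")
(category
(transmit-as "m")
(name "Yes")
(label (name "Level 0: No Setting") (description "No Setting") (value 0) )
(label (name "Level 1: No Setting") (description "No Setting") (value 1) ) ))"""

# One token: "(", ")", a double-quoted string, or a bare word.
TOKEN = re.compile(r'\s*(\(|\)|"[^"]*"|[^\s()"]+)')

def parse(text):
    """Parse the parenthesised .rat syntax into nested Python lists."""
    text, pos, stack = text.rstrip(), 0, [[]]
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad text at offset {pos} (unclosed quote?)")
        tok, pos = m.group(1), m.end()
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("extra ')'")
            stack[-2].append(stack.pop())  # close the list, attach to parent
        else:
            stack[-1].append(tok.strip('"'))
    if len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("missing ')' or empty file: paste was probably cut short")
    return stack[0][0]

def summarize(text):
    """Return the rating system's name and each category's allowed values."""
    tree = parse(text)
    lists = [item for item in tree if isinstance(item, list)]
    name = next(i[1] for i in lists if i[0] == "name")
    cats = {}
    for cat in (i for i in lists if i[0] == "category"):
        sub = [s for s in cat[1:] if isinstance(s, list)]
        key = next(s[1] for s in sub if s[0] == "transmit-as")
        cats[key] = [int(v[1]) for lab in sub if lab[0] == "label"
                     for v in lab[1:] if v[0] == "value"]
    return {"name": name, "categories": cats}
```

Running summarize() on the text before saving it to system32 catches a paste that lost its final parentheses or a quote.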