According to security firm Secunia, the just-released Internet Explorer 7 contains a "Redirection Information Disclosure" vulnerability, which allows one site to fetch data from another site through the browser, which opens it up to all kinds of cross-site scripting (XSS) attacks. Interestingly, the same vulnerability has been known and unpatched in IE6 since April. It's one thing not to patch an old browser, but seems quite another to release a brand new browser with the same vulnerability that you've been aware of for six months. If you're running Internet Explorer and want to see the exploit in action, Secunia has set up a demo page.