Some info on the "cross-site scripting" issue affecting Internet Explorer − Welcome to the Microsoft Security Response Center Blog!

Our investigation indicates that this issue will have limited impact because an effective attack requires a website to expose sensitive information in a specific way. Basically, an attacker would need to find a way to make a response look like a Cascading Style Sheet, and that response would need to contain sensitive information.

IEBlog のほうはタイトルが "New XSS vulnerability in IE" になってるなぁ。