For this reason, many computer security professionals have argued that it is unethical to publish code that makes it easy to exploit a security hole -- especially before the vendor of the buggy software has had a bit of warning & a chance to patch the code. Others, however, argue that vendors do not admit security problems, or patch them in a timely way, unless there is full disclosure. (The Bugtraq list, which embraces the latter point of view, publishes exploits as soon as they are available.) Wired news covers the ethics debate in this article. But in the meantime, now that the cat's out of the bag, it's best to use an alternative browser (e.g. Opera or Mozilla) or disable scripting in IE.
Would you like to know more?