Four new vulnerabilities in Internet Explorer and Firefox have been discovered by Michal Zalewski, an independent security researcher. The four flaws currently have no patches available from either Microsoft or Mozilla. Of the two IE flaws, the most severe has the potential to let JavaScript execute with permissions of a previously visited page, which could easily lead to abuse. It affects both IE6 and IE7. The second IE exploit affects IE6 only, and allows URLs to be spoofed in the address bar.

The first of the two Firefox vulnerabilities could lead to code execution, the other could potentially avoid the file prompt delay you see when attempting to download a file. Most of these have online tests you can run to see if your particular browser version is vulnerable. In most cases, you'd need to be running Windows to be vulnerable.