Both MySpace and Facebook have come under the security microscope with the publication of a zero-day flaw that affects both sites. The flaw lies within the image uploader that both sites use, which is obviously a very popular and commonly used function. If exploited, the flaw can result in a buffer overflow that could lead to code execution on someone's computer and ultimately machine compromise. Even less surprising, the flaw is inside an ActiveX control. Assuming you are using a browser that doesn't support ActiveX, you're out of harms way.
Secunia has rated the flaw as highly critical, and as of the time of this post no patch has been formerly announced. However, a little-known feature of ActiveX known as the kill bit can be enabled that will prevent the exploit from being able to affect you.