New vulnerability found in IE6

Ryan Naraine over at the Zero Day Blog reports that a new vulnerability has been found in Internet Explorer 6 running on Windows XP with service pack 2 or 3:

An unpatched cross-domain vulnerability in Microsoft’s flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers.

At the moment, there is no patch:

In the absence of a patch, IE users are strongly encouraged to upgrade to IE 7. Or, as always, consider using an alternative browser.