According to VUPEN security:
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
We have not verified this claim, but would like to know if any of our readers have. Please use our contact form to reply, or add your comments below.
Jack wrote to tell us that Symantec has verified the bug:
While the bug above doesn't seem to affect IE8, it isn't out of the woods....The Register UK reported this week that IE8 had a bug that allows the exploitition of XSS vulnerabilities in safe websites.