Spoofing bugs seem to be the MRSA of browser flaws - none of them are safe from the latest hacking ability, not even the version 1.0.5 of Mozilla which is still in beta format. It doesn't help that two browsers had already been updated for other flaws yesterday.

According to the Secunia website, Since JavaScript dialog boxes do not display or include their origin, this will allow a new window to open such as a prompt dialog box, which appears to be from a trusted site. From there, if a trusted secure site has been browsed in the same session as the hack attack, that information is vulnerable. We ran the test in brand new Netscape 8.0.2 and it was inconclusive - we got the failure dialog box, but the test site that was supposed to appear behind it, was shifted back one step in the browsing queue. As it's Gecko-based, we wouldn't assume any safety until every browser you use is patched.

Secunia's website is offering a test along with the basic report. It's more important than ever to clean out your browser cache to at least minimize the amount of information which could be stolen if the worst happens - and don't click on that amusing round-robin email with an attachment which might pass for communication from some “friends” of yours.

Visit Secunia here and test your browser.