A bug that first popped up over two years ago (and was subsequently fixed) is back in the Mac port of Internet Explorer 5.
The hole is tied to a problem with the IE Java Virtual Machine that could let a malicious Web site gain access to private content. It seems most firewalls will block out this sort of thing, limiting it to mostly Intranet exploits(where the risk is much lower). If you're incline, you can see a demonstration of the bug for yourself. Microsoft has no estimates for when a fix may be available.