In recent months the Bulgarian Georgi Guninski has found a number of security related problems with Internet Explorer. With his recent discovery of another potential danger, this number has reached a full dozen. The latest discovery does not apply to all versions, but is still bad enough. It involves the iframe tag and executed Javascript code using document.execCommand through Active scripting. After Microsoft released a patch for the "download bug" last week, it advised users to turn off Active scripting. More can be found on Guninski's site.

On a related note, the German BSI (Bundesamt fur Sicherheit in der Informationstechnik, a federal agency for security in information technology) has issued a warning to all Internet surfers not to use ActiveX, Javascript or Java. According to BSI, through these methods Internet users are at a risk of potential but difficult to calculate harm through the theft of passwords or other local data.