A new vulnerability was found in IE 6, but it doesn't affect IE 7. However, a new vulnerability was also found in IE 7 that can lead to content spoofing.
According to a report by Secunia, the IE 7 problem makes it possible "for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website."
As for the vulnerability in IE 6, "is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user's browser session in context of the trusted site." The immediately solution is to upgrade to IE 7.
