Microsoft Security Advisory service provides information on active issues in any Microsoft product currently in any of the support windows (sorry about the pun.)
MS-SA2501696 describes a publicly Reported vulnerability in how MS software handles certain data requests using MIME and is essentially an issue with all versions of MS Windows, rather than the browser, MS Internet Explorer but is only exposed through IE as far as I can tell from the announcement.
The issue can allow a “Client Side Script“ attack that can disclose information, take action in a web page without use consent or Spoof the returned content.
The CVE entry for this issue, CVE-2011-0096, has yet to be updated.
 MS Security Advisory 01/02/2011
 Wikipedia (Client Side Scripting) 01/02/2011
 TechTarget (XSS) 01/02/2011
 CVE (2011-0096) 01/02/2011
– Posted using BlogPress from my iPhone