Jason Cox wrote:
I wonder how long until there is a flaw in the wild.


In the mean time simply use NoScript to block JavaScript from being run on sites that you don't trust.