Unfortunately there's a bit of confusion, as Mike Davidson of mikeindustries.com is no longer the maintainer of sIFR, and he has not updated the sIFR page in a while. This issue was found and resolved on July 4th 2007, in version 2.0.3. It also appears that Internet Explorer is not vulnerable to this attack. More about 2.0.3 and the XSS issue here: http://novemberborn.net/sifr/2.0.3