Microsoft has finally fixed some UI race condition holes in Internet Explorer. I think the holes they just fixed include some of the holes I first reported to them in March 2004 and posted to Full Disclosure in July 2004, and which were known the whole time to allow e.g. spyware installation.
Microsoft's fix involves disabling the "Run" button for about a second. One interesting difference between Microsoft's fix and Mozilla's fix is that Internet Explorer doesn't make the button visibly disabled; instead, it makes the button ignore clicks and keypresses for a short period of time. This works well given Microsoft's short timeout of 1 second (compared to Firefox's 2-3 seconds, which might be overkill).
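A minimal sketch of the two behaviours compared above, added here as an illustration and not taken from Internet Explorer's or Firefox's code. `ConfirmGuard`, its option names and the `simulate` helper are hypothetical, and the clock is injected so the timing can be checked without a browser.

```javascript
// Added example: activation-delay guard for a security prompt's "Run" button.
// ConfirmGuard and its options are hypothetical names, not a browser API.
class ConfirmGuard {
  // delayMs: how long input is ignored after the prompt appears.
  // visiblyDisabled: true  = button is drawn greyed out during the delay;
  //                  false = button looks enabled but silently drops input.
  constructor({ delayMs, visiblyDisabled, now = () => Date.now() }) {
    this.delayMs = delayMs;
    this.visiblyDisabled = visiblyDisabled;
    this.now = now;
    this.shownAt = null;
    this.dropped = 0;
  }

  // Call when the prompt is painted; this starts the delay window.
  show() {
    this.shownAt = this.now();
    this.dropped = 0;
  }

  // True once the prompt has been on screen for at least delayMs.
  armed() {
    return this.shownAt !== null && this.now() - this.shownAt >= this.delayMs;
  }

  // What the UI layer should render for the button right now.
  looksDisabled() {
    return this.visiblyDisabled && !this.armed();
  }

  // Route every click AND keypress aimed at the button through here.
  // Returns true only if the action is allowed to run.
  activate() {
    if (!this.armed()) {
      this.dropped += 1; // input sent before the user could read the prompt
      return false;
    }
    return true;
  }
}

// Constructed scenario: input events arriving at the given offsets (ms)
// after the prompt appears, e.g. the tail of a double-click or typing.
function simulate(options, eventTimesMs) {
  let t = 0;
  const guard = new ConfirmGuard({ ...options, now: () => t });
  guard.show();
  const accepted = eventTimesMs.map((ms) => { t = ms; return guard.activate(); });
  return { accepted, dropped: guard.dropped };
}
```

The guard only helps if keyboard activation (Enter, Space, accelerator keys) goes through the same `activate()` path as mouse clicks.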