I groan when I hear repeated security reports of "bugs in xxx browser allowing URL spoofing", etc, etc. Most of the reports are real, live vulnerabilities that can endanger you and threaten your security as an internet user. However, I think a lot of this is misunderstood by some.
You see, most of the bugs reported have little or nothing to do with you innocently browing a site and BOOM, you're owned. 99% of the time, it's along the lines of "visiting a booby-trapped site and...". I prove my point. Most people deserve to get spoofed if they're dumb enough to visit nonreputable sites that would do such a thing to you.
Now, I'm not exactly critisizing all you web surfers out there, but somehow I kinda doubt you're just going to find such a link on Google and click on it (which is how most of the web surfing is done nowadays anyway, or clicking from sites you already know of, but then again those sites should be reputable, too).
Viruses have been around for quite a while. And users that could be suspectible to them have learned not to open emails with *certain* subject headers on them. Well, I don't think this situation is dissimilar to the threat of booby-trapped sites. Since it doesn't look like viruses are going to disappear anytime soon, I kind of doubt that browser vulnerabilities and spoofing attacks will go away either.
True, it's still dumb to use a ancient browser with numerous security holes. But it's even dumber to visit sites that take advantage of these flaws.