Security experts discovered a new severe XSS flaw affects fully patched Internet Explorer and exposes users to risks of attacks and identity theft.