If you use version 6 or 7 of Microsoft's Internet Explorer browser you should disable the JavaScript function immediately.
Security experts have warned anyone using Internet Explorer 6 or 7 on a Windows XP or Windows Vista PC to take immediate steps to ensure their security.
This is because an exploit for a previously unknown flaw in the browser has been spotted in circulation.
The flaw could enable a hacker to take over a computer if a surfer visited a compromised website using a vulnerable version of the IE browser.
Proof-of-concept code is already circulating on the web, with more exploit code likely to be on the way.
Security firm Symantec advised surfers to disable JavaScript in IE and to ensure their anti-virus definitions were up to date.
"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into sites, infecting potential visitors," Symantec said in a statement.
You can disable JavaScript in IE7 by going to Tools, Internet Options, click on the Security tab and then click on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.
In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.
Other versions of Internet Explorer and Windows could also be affected, Symantec warned.
Microsoft has not yet commented on the vulnerability.