Is Your Windows Vista Gadget Safe? Inspect Your Gadget
Windows Vista comes with cool Sidebar Gadgets, which offer a lot of services such as a clock, stock quotes, weather info, a currency converter, a calendar, CPU info, etc. Windows Vista Sidebar Gadgets can be built from HTML, JavaScript, and potentially ActiveX controls. Because the Sidebar hosts HTML-based gadgets, they are susceptible to cross-site scripting (XSS) style bugs. This is a very serious concern, as script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on Windows user. It can steal your private data and credentials.
Prevention is better than cure: you can depend on non-HTML Sidebar Gadgets, such as those based on Silverlight or Windows Presentation Foundation (WPF). Here are some tips for developers from Microsoft to inspect their code for security bugs.
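One way to start inspecting an HTML gadget's script for the injection points described above, as an added example (not code from this post or from Microsoft): a small Node.js scanner that flags lines that write HTML, evaluate strings, or create ActiveX objects. The pattern list, the function name `inspectGadgetSource` and the sample gadget script are assumptions constructed for illustration.

```javascript
// Added example: flag script constructs in a gadget's JavaScript that deserve review.
// The pattern list is an assumption of this example, not Microsoft's checklist.
const RISKY_PATTERNS = [
  { name: "innerHTML/outerHTML assignment", re: /\.(innerHTML|outerHTML)\s*\+?=(?!=)/ },
  { name: "document.write", re: /\bdocument\.write(ln)?\s*\(/ },
  { name: "eval", re: /\beval\s*\(/ },
  { name: "string passed to setTimeout/setInterval", re: /\bset(Timeout|Interval)\s*\(\s*["']/ },
  { name: "ActiveXObject creation", re: /\bnew\s+ActiveXObject\s*\(/ },
];

// Returns one finding per (line, pattern) match, skipping blank and //-comment lines.
function inspectGadgetSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const code = text.trim();
    if (code === "" || code.startsWith("//")) return;
    for (const { name, re } of RISKY_PATTERNS) {
      if (re.test(code)) findings.push({ line: index + 1, issue: name, code });
    }
  });
  return findings;
}

// Constructed sample: a gadget script that renders a remote feed title.
const SAMPLE_GADGET_JS = [
  "function showHeadline(item) {",
  "  // untrusted: item.title comes from a remote feed",
  "  headline.innerHTML = item.title;",      // flagged: feed text parsed as HTML
  "  safeHeadline.innerText = item.title;",  // not flagged: rendered as plain text
  "  setTimeout(\"refresh()\", 60000);",     // flagged: string is evaluated as code
  "  var xhr = new ActiveXObject(\"Microsoft.XMLHTTP\");", // flagged: review ActiveX use
  "  if (el.innerHTML == \"\") { return; }", // not flagged: comparison, not a write
  "}",
].join("\n");

for (const f of inspectGadgetSource(SAMPLE_GADGET_JS)) {
  console.log(`line ${f.line}: ${f.issue}: ${f.code}`);
}
```

A flagged line is a place to check whether the value being written or evaluated can come from outside the gadget; it is a starting point for manual review, not proof of a bug.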