Orkut has been hit with an Cross Site Scripting attack which allows a malicious user to inject malicious code in to the photo comments feature which when viewed execute the malicious code. This code can steal your cookies hence compromising your privacy.
This hole was prevalent in orkut a few hours back but seems like orkut has taken hold of the bugger. Don’t get into relaxation mode as yet because this bug is still active in Mobile Version of Orkut.
So avoid surfing unknown and known profiles and albums.
If you want to check if the hole is still unfixed, you can check this safe demo as an example. It will pop up an alert. If you want to test it on your own profile, you can copy paste this code (remove ‘\’ before and after your message to get it working) as a comment on any photo in an orkut album and see the live demo.
Be quick, because orkut will fix it very soon and also note, You are responsible for your actions