Microsoft has finally fixed that url spoofing bug (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-004.asp). It only took them a year to do it.

Only thing is, once applied you can no longer type usernamepassword@domain feature anymore eg:

http://planky:password@fourwinds.net

And the porn peddlers aren't happy :D

Microsoft IE patch leaves users locked out
Microsoft can't win. After being criticised for taking so long
to patch a security flaw in Internet Explorer, when it does
finally patch it, some users are complaining because they
unexpectedly found their systems stopped working
http://slink.com.com/slink?218242