Impressive, eh? What you’re experiencing is the latest Security bug (as reported by ZDNet and many others). This is very severe, as it would be easy to direct you anywhere, when you think you’re accessing, say, PayPal or your online banking account
This Exploitation takes advantage of the fact that a username and password may preceed the domain name for http authentication. The following URL, for example, would authenticate the user foo with the password secret on the site barnesandnoble.com:
Still, you would see all that information in the URL. But you may ommit the password; and the username may look like a URL:
May still look confusing, and may actually mislead users, but still, the information is there. However, if right before the “@” you’d insert an ASCII 1 followed by an ASCII 0, everything after (and including) the “@” will be ommitted. Of course this happens only if you use IE. So go ahead on download Mozilla today!