Very short summary:
- IE pwns Firefox and Mozilla blames Microsoft for not sanitizing URLs before throwing them at other applications.
- Firefox pwns... all the world and Mozilla recognizes the same bug that had been blamed on IE affects Firefox itself.
- Mozilla devs fix their bug immediately, while people like Alun Jones (Security Microsoft Valued Partner) and Markellos Diorinos (IE Product Manager) deny such a bug exists at all, thus IE won't be fixed.
And this time I can't even insert my usual NoScript plug ;)