Yummy - quite nasty really, provided you use IE but have FF2 installed too. For those of you who like to pretend to root yourselves, there's a list of demos of the exploit.
Perhaps more interesting than the flaw itself is the fact that researchers and blogging security folks can't agree on which browser is really at fault. IE allows the dodgy request to be sent, but Firefox accepts it.
Mozilla's said it'll patch the vulnerability so that IE doesn't go messing it around any more, also slipping in a recommendation to run Firefox all the time. Microsoft reckons IE's off the hook, suggesting that the problem doesn't lie with Microsoft. And perhaps that's true.
It all boils down to whether IE can know that it's sending bad data to Firefox. IE needn't know what kinds of input Firefox should accept, so all it can do is ensure the URI is valid in the broader sense. Does it do that? We'll let the security researchers figure that one out.