Для тех, кто в теме. Цитирую:
---------------
Upon IE7 release, Secunia published SA22477 titled `Internet Explorer
7 "mhtml:" Redirection Information Disclosure`.
Here I figured a straightforward demo - navigate IE7 to:
* mhtml:
http://www.google.com/url?q=http://www.yahoo.com/
Google redirects to Yahoo, Yahoo content is loaded, but browser
location is not updated.
Microsoft blogs assure vulnerability brought up by Secunia is not in
IE7, technically, rather, it's Outlook Express; and as usual, words of
Microsoft were well honored by several public media sources.
Microsoft do not even send the slightest comment that IE is a source
of problem - despite there involves cross-domain data compromise, HTTP
redirection, ActiveX(DOM also works) ... all in all, when this attack
happens, it got to be IE and no other.
Let me sum up: in this case IE is vulnerable, only IE is vulnerable,
and Microsoft say "These reports are technically inaccurate: the issue
concerned in these reports is not in Internet Explorer 7 (or any other
version) at all".
Upon seeing "mhtml:", it reminds of a magnificent historic incident
which also involved "mhtml:" -- an IE exploit so perfectly and widely
utilized that it made CERT suggest "Use a different web browser"(CERT
KB VU#323070), and firstly initiated the boom of Firefox. Of course
Microsoft is unlikely to say technically this is also not IE's
problem.
----------
Переводить - лень. Сами переводите.
Как любят говорить наши уважаемые пользователи, когда у них накрывается операционка: "Я ничего не делал(а)! Оно само!". Вариант: "Я не ходил(а) по порносайтам - оно само!". 
