Thanks, it is "worked-around" in 2.8.7c.
It's an interesting problem, the way I.E. doesn't allow any safe way to put an argument on the command line escaped. (hint: Think difference between execv and system). It actually allows the URL leak out beyond one argv pointer, what a pain.
Another reason to switch to Firefox I guess.