Microsoft’s Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in the URL address bar. The bug occurs when IE loads a page that (1) contains a malicious HTML object tag and (2) features the compatibility meta tag in its source code. Security researcher Manuel Caballero says the malicious object can then “retrieve the location.href of the object while the user leaves the main page

