Got this from digg.com:
This web page describes a spoof that every browser but IE allows. As near as I can tell it has to do with the fact that IDNs (International Domain Names) can have country- or language-specific characters in them, yet the display like English characters. So you will see a URL that appears to be, for instance, http://www.paypal.com but it’s actually http://www.p&#1072ypal.com — the “&#1072” is an accented “a”.
You can circumvent this problem in Firefox but the fix doesn’t persist across browser restarts. Opera’ssupposedly got a fix for it now.