IE prevents URLs with paths containing "%00" from being loaded or interpreted in any way. I assume this is to prevent possible bad things from happening at the OS layer or from poorly written servers. Firefox supports it, but you can not give much argument for supporting it if IE doesn't. In WebKit, this bug is much worse because of bug 21975. I think the unescaping should be prohibited along with not allowing %00 in path names in the first place.
Forbidding %00 would go against the standard.