Regrardless of my sanity, I have a solution to the little loophole I found - whether it solves the browser issues or not I don't know as I haven't been able to replicate it.

So in particular if you're using the distinct shopping cart option of multisite you might want to add this code to includes/modules/pages/index/header_php.php - this will prevent manipulation of the url giving the user access to a category that shouldn't be available in the shop they're browsing.

PHP Code:
//bof multisite
//check that a cPath from another store is not attempting to be used.
    
if ($cPath 0) {
      
$categories_query "SELECT c.categories_id, cd.categories_name, c.categories_image, c.parent_id
                         FROM   " 
TABLE_CATEGORIES " c, " TABLE_CATEGORIES_DESCRIPTION " cd
                         WHERE      c.categories_id = :parentID
                         AND        c.categories_id = cd.categories_id
                         AND        cd.language_id = :languagesID
                         AND        c.categories_status= '1'
                         ORDER BY   sort_order, cd.categories_name"
;

      
$categories_query $db->bindVars($categories_query':parentID'$cPath'integer');
      
$categories_query $db->bindVars($categories_query':languagesID'$_SESSION['languages_id'], 'integer');
      
$category_status $db->Execute(cat_filter($categories_query));
      if (
$category_status->RecordCount() == '0') {
        
$current_category_not_found true;
      }
    }
//eof multisite 
Put this in just above -

PHP Code:
    // -----
    // Give an observer the chance to override the default handling for the category.
    //