When Firefox decides to go
multiprocess, with rendering processes running at a lower integrity level, then there will be a marked increase in security.
Iframe
sandboxing is an interesting technology. But unless the browser prevents content in an iframe to run scripts, popup windows and so forth unless there is a sandbox directive to do so, I don't see it as that big of a deal yet, since, absent the sandbox, an Iframe has free reign. But it is a step in the right direction.