When Firefox decides to go multiprocess, with rendering processes running at a lower integrity level, then there will be a marked increase in security.
Iframe sandboxing is an interesting technology. But unless the browser prevents content in an iframe to run scripts, popup windows and so forth unless there is a sandbox directive to do so, I don't see it as that big of a deal yet, since, absent the sandbox, an Iframe has free reign. But it is a step in the right direction.
Botnet forces infected Firefox users to hack the sites they visit
quote:Investigative journalist Brian Krebs has uncovered an unusual botnet that forces infected PCs to scour websites for security vulnerabilities that can cough up proprietary data or be exploited in drive-by malware attacks.
"This is not the Microsoft .NET Framework Assistant created and distributed by Microsoft. It is a malicious extension that is distributed under the same name to trick users into installing it, and turns users into a botnet that conducts SQL injection attacks on visited websites."
(Though some may say the MS version is malware too .)