I understand that I am potentially starting a browser war, but so be it.  Firefox, is a better (safer?) browser, and one of the main reasons that I say that is noscript http://noscript.net .  Noscript is a Firefox extension, that allows the  user to decide which sites can and cannot run javascript and java.  It is amazing how many websites want to load code on a page you are looking at, without you even realizing it. 

I personally feel that the threat of cross-site scripting is a major issue and we need to do our due diligence as infosec representatives and take the extra steps to thwart malware.  I empathize that it can be annoying to have to temporarily allow a site to run javascript, but if you blindly trust a site and they become compromised you may or may not now be infected.  I'll put up with the hassle, noscript is enabled and shields are up!

P.S.

Make certain you enable javascript temporarily when posting on eh.net or you will have to may have to re-type your post

I used to use NoScript on a regular basis but I have to say that since almost every site I visit requires JavaScript in order for simple things like links to work I've given up with it. A lot of work for perhaps little benefit.

Be careful though, blocking JavaScript does not block XSS vulnerabilities. You can inject plain HTML or any other code into an XSS-vulnerable page. For example you could inject a HTML form to steal login credentials and not use JavaScript at all.

Jim

Anyone else notice how many updates there have been to NoScript in the last 3-4 weeks? It used to be a few times a year, but the last month has been bi-weekly it seems.

There is no question at this time that firefox is the one.  And I dont mean that from an anti windows view. With its plugins and speed, etc..