The browser vendors are adding innovative security features to help protect users against web-based attacks. Here are some examples:
- Firefox 3.5.3 will check your Adobe Flash add-in and warn you if it's not current. It is believed that as many as 80% of browser users are using older versions of Adobe that contain vulnerabilities that are fixed in new versions.
- Internet Explorer 8 added a raft of security features including URL filtering, Cross Site Scripting (XSS) filtering, click-jack prevention, domain highlighting, and data execution prevention (requires Vista SP1). The Cross Site Scripting filter is very impressive. Here is a detailed explanation of XSS and how the IE8 filter works. XSS attacks are particularly nasty because they can happen through no fault of yours. All you have to do is go to a site that has been successfully exploited. Details on the other features are here.
- Opera 10, just now shipping, also includes URL filtering.
- Safari 4, when running on Windows, will integrate with your Windows anti-virus software to check any files, images, or other items you are downloading via Safari. It also has URL filtering watching for phishing sites and sites known to harbor malware.
- Chrome 2.0.172.43 was released on August 25, 2009 and fixed several high severity issues.
Firefox has long benefited from third-party security and privacy add-ons. NoScript is one of the more popular add-ons; it blocks JavaScript and lets you selectively turn on JavaScript per content source.
While I have not personally checked these security features, assuming they all work as advertised, Microsoft's Internet Explorer 8 leads the way in security innovation.