For those who are interested,
I have complied the following hardening(privacy & security) resource links below for the latest, most commonly used web browsers.
Internet Explorer:
http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx (Protected Mode in Vista IE7)
http://blogs.msdn.com/ie/archive/2007/04/0...-on-or-off.aspx (Protected Mode for IE7 in Windows Vista - Is it On or Off?)
http://content.zdnet.com/2346-12691_22-87874.html (Images: How to run Internet Explorer securely)
http://windowssecrets.com/comp/061026#story1 (IE 7 needs tweaking for safety)
http://searchwindowssecurity.techtarget.co...1241319,00.html (Tips on hardening and securing IE7)
http://searchsecuritychannel.techtarget.co...1244243,00.html (Configuring IE7 security: ActiveX, information bar, cross-domain protection)
http://searchsecurity.techtarget.com/exper...i945838,00.html (The dangers of ActiveX)
http://securitywatch.eweek.com/browsers/ho...explorer_1.html (How to Disable ActiveX Controls in Internet Explorer)
http://antivirus.about.com/od/securitytips/ht/ieiframe.htm (How To Disable IFrames in Internet Explorer)
http://antivirus.about.com/od/securitytips/ht/ieaddons.htm (How To Disable Add-Ons in Internet Explorer)
http://antivirus.about.com/od/securitytips/ht/ac_ie.htm (How to Disable AutoComplete in Internet Explorer)
Free Internet Explorer Tools/Utilities and Programs:
http://www.darkreading.com/document.asp?doc_id=153221 (Free 'AxBan' Tool Kills Bad ActiveX Controls)
http://blog.washingtonpost.com/securityfix...ml?nav=rss_blog (Taming Internet Explorer Browser Plug-Ins)
http://www.javacoolsoftware.com/spywareblaster.html (SpywareBlaster - IE kill-bits for identified or known malicious ActiveX controls and gives one the option to disable/enable "flash" within IE.)
http://www.bleepingcomputer.com/tutorials/tutorial49.html (Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware)
http://www.malwarehelp.org/how-to-effectiv...reblaster1.html (How to effectively prevent Malware using SpywareBlaster Part 1)
http://www.malwarehelp.org/how-to-effectiv...reblaster2.html (How to effectively prevent Malware using SpywareBlaster Part 2)
http://www.nirsoft.net/utils/axhelper.html (NirSoft ActiveXHelper - free utility that allows one to view and "selectively" disable any of the ActiveX components that are installed on one's computer.)
http://www.bbshare.com/ (No! Flash - free utility that blocks multimedia ads and spyware and gives one the option to disable/enable "Flash" in Microsoft Internet Explorer.);(*Note: Looking over the site it appears that this utility is not compatible with either Vista or IE 7. On the other hand, it would not hurt to try and see.)
Internet Explorer Plugins:
http://www.ie7pro.com/ (Free plugin that allows one to block ads, block flash, disable plugins among other things.)
FireFox(Incl. K-Meleon):
http://content.zdnet.com/2346-12691_22-93923.html (Securing FireFox: How to avoid hacker attacks on Mozilla's browser)
http://www.squarefree.com/securitytips/users.html (Security tips for Firefox users)
http://www.security-hacks.com/2007/06/08/f...er-your-privacy (FireFox: 10 tips to bolster your privacy)
http://www.tssci-security.com/archives/200...safer-browsing/ (8 Firefox extensions towards safer browsing)
http://ludios.org/firefox/securing/ (Securing Firefox 3)
http://ha.ckers.org/firefox_improvements.html (*Note: Please take note of the "Reduce what JavaScript can do in Firefox:" and "Greasemonkey:" sections. The "Greasemonkey:" section can be ignored if one is using Adblock and/or NoScript to disable iframes.)
http://antivirus.about.com/od/securitytips...bleprefetch.htm (How To Disable Google / Firefox Prefetch)
http://antivirus.about.com/od/securitytips/ht/ac_firefox.htm (How To How to Disable AutoComplete in Firefox)
http://www.hackosis.com/2007/10/24/securit...ity-extensions/ (Top 10 Firefox Security Extensions)
http://www.tssci-security.com/archives/200...t-csrf-attacks/ (Simultaenous use of Firefox profiles to guard against CSRF attacks)
http://windowssecrets.com/2008/07/17/06-Th...privacy-add-ons (The top Firefox security and privacy add-ons)
http://www.makeuseof.com/tag/best-firefox-...ty-and-privacy/ (10+ Best Firefox Addons for Security and Privacy)
Google Chrome(Incl. Chromium & SRWare Iron):
http://www.chromefans.org/chrome-tutorial/...-high-level.htm (How do I adjust my security settings to high level?)
http://www.online-tech-tips.com/google-sof...incognito-mode/ (Create a desktop shortcut to open Google Chrome in Incognito Mode)
http://www.srware.net/forum/viewtopic.php?f=18&t=90 (Can Iron be forced to start in incognito mode?)
http://www.mattcutts.com/blog/chrome-privacy/ (Chrome Provides Dedicated Privacy Options)
http://www.makeuseof.com/tag/3-steps-to-re...-google-chrome/ (3 Steps to Regain Your Privacy in Google Chrome)
http://www.google.com/support/chrome/bin/a...36&hl=en-US (General privacy: Google Chrome features that affect your privacy)
Google Chrome Privacy Tools/Utilities:
http://blog.gjl-network.net/blog/index.php...amp;serendipity[lang_selected]=en (Google Chrome - Chrome Privacy Guard (CPG))
http://www.abelssoft.net/unchrome.php (Abelssoft UnChrome)
Opera:
http://www.opera.com/support/tutorials/security/shared/ (Security and Privacy on a Shared Computer)
http://gladiator-antivirus.com/forum/index...showtopic=75461 (Hardening/Securing the Opera Web Browser for DefenseWall Users)
http://my.opera.com/mp3geek/blog/ (Fanboy's Opera Stuff Blog)
http://www.fanboy.co.nz/adblock/ (Fanboy's AdBlock List for Opera)
Safari:
http://docs.info.apple.com/article.html?pa...en/ibr1069.html (Protecting private information on shared computers)
http://www.apple.com/pro/tips/privacy_safari.html (Browse in Privacy with Safari)
http://blogs.howtogeek.com/mysticgeek/2007...ng-with-safari/ (Private Browsing With Safari)
http://www.howtogeek.com/howto/apple/make-...owsing-private/ (Make Your Safari Web Browsing Private)
http://osxhelp.com/mastering-safari-understanding-security/ (Mastering Safari, understanding security)
http://www.insanely-great.com/news.php?id=9054 (Safari private browsing not private)
http://uneasysilence.com/archive/2008/03/13061/ (If This Browser Could Talk: Safari Private Surfing *Not* So Private)
Safari Ad-Blocking or Privacy/Security Plugins:
http://www.culater.net/software/PithHelmet/PithHelmet.php (PithHelmet)
http://safariadblock.sourceforge.net/ (Safari AdBlock)
http://haoli.dnsalias.com/Saft/index.html (Saft)
Free Ad-Blockers For Most Web Browsers:
http://www.adsweep.org/ (AdSweep)
http://bfilter.sourceforge.net/ (BFilter)
http://www.privoxy.org/ (Privoxy)
http://www.proxomitron.info/ (Proxomitron)
Miscellaneous:
http://hackademix.net/2008/09/29/clickjack...i-chrome-opera/ (Clickjacking and Other Browsers (IE, Safari, Chrome, Opera));(*Note: Excellent reference guide for advanced security settings.)
http://www.us-cert.gov/reading_room/securing_browser/ (CERT - Securing Your Web Browser)
http://www.usenix.org/event/hotbots07/tech...ovos/provos.pdf (Google Security - "The Ghost in the Browser")
http://honeynet.org/papers/mws/KYE-Malicious_Web_Servers.htm ("Know Your Enemy: Malicious Web Servers")
http://googleonlinesecurity.blogspot.com/2...oint-to-us.html ("All Your iFrame Are Point to Us")
http://isc.sans.org/diary.html?storyid=3573 (Cyber Security Awareness Tip #28: Cookies)
http://isc.sans.org/diary.html?storyid=3733 (How to stop javascript from websites infecting clients)
http://www.thespanner.co.uk/2007/10/24/ifr...curity-summary/ (IFrames security summary)
http://securosis.com/2008/06/03/making-the...tiple-browsers/ (Making The Move To Multiple Browsers)
http://www.cert.org/advisories/CA-2000-02.html (CERTŪ Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests)
http://www.cert.org/tech_tips/malicious_code_FAQ.html (Frequently Asked Questions About Malicious Web Scripts Redirected by Web Sites)
Cross-Site Scripting(XSS) and It's Effects on Web Browser Privacy/Security and Some Solutions:
http://www.howtocreate.co.uk/crosssite.html#userprotect (How can users protect themselves against XSS)
http://chucklinart.com/protect_against_cro...ing_XSS_attacks (Protect Against XSS Attacks)
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.cgisecurity.com/articles/xss-faq.shtml (The Cross Site Scripting (XSS) FAQ)
http://www.cert.org/advisories/CA-2000-02.html (CERTŪ Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests)
http://www.windowsecurity.com/articles/Cro...ed-Exploit.html (Cross Site Scripting – The Underestimated Exploit)
http://www.microsoft.com/technet/archive/s...s.mspx?mfr=true (What Customers Can Do to Protect Themselves from Cross-Site Scripting)
http://www.technicalinfo.net/papers/CSS.html (HTML Code Injection and Cross-site scripting)
http://www.preventing-xss.ovh.org/ (Preventing XSS Attacks)
http://searchsecurity.techtarget.com/exper...1197988,00.html (How to prevent cross-site scripting)
http://searchsecurity.techtarget.com/exper...1275091,00.html (Has cross-site scripting evolved?)
Cross-Site Request Forgery(CSRF) and It's Effects on Web Browser Privacy/Security and Some Solutions:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
http://my.opera.com/haakeyar/blog/csrf-we-need-protection (Protection against CSRF for end users)
http://www.thespanner.co.uk/2007/11/19/csr...ser-protection/ (CSRF browser protection)
http://www.gnucitizen.org/blog/csrf-demystified/ (CSRF Demystified)
http://searchsecurity.techtarget.com/exper...1308096,00.html (What are the dangers of cross-site request forgery attacks (CSRF)?)
Online Web Browser Privacy/Security Tests:
http://www.explabs.com/test/ (Harmless test that helps determine whether one has I-frames enabled or disabled within one's web browser)
http://gemal.dk/browserspy/ (gemal.dk - BrowserSpy)
http://privacy.net/analyze/ (Privacy.net Analyzer)
http://finjan.com/Content.aspx?id=577 (*Note: Please take note of the "Denial of Service (DoS)", "Remote Code Execution (RCE)", "Phishing", "Code Obfuscation of Malicious Script", "Java Applet" and "ActiveX Control" tests.)
http://www.hostile-code.com/htme/tsecurity.htm (Hostile Code - Security Test)
http://www.it-sec.de/vulchke.html (it.sec - Online Security Check)
http://www.jasons-toolbox.com/BrowserSecurity/ (Jason's Toolbox - Browser Security Tests)
(*Note: Keep in mind that while implementing all of the the above hardening tips will result in a web browser that is substantially more secure, it "may" break some web functionality on a site-to-site basis. In any case, I suggest that one apply changes one-step-at-a-time or in a trial-and-error manner to achieve a more secure, but usable compromise.)
(*Note: Keep in mind that "some" of the privacy/security settings that I employ in Opera can also be used in Chrome, IE, FF and Safari.)
Vulnerabilities and exploits notwithstanding, it is my opinion that the most secure web browsers are Chrome, FF, and Opera because they do not employ ActiveX functionality. Secondly, it is my opinion that Chrome, FF and Opera are relatively secure web browsers because of the sandboxing implementation of the former, the extensions, plug-ins or Greasemonkey user scripts available to the second and the ease of access to privacy/security settings and configurability and user scripts of the latter. Thirdly, it is my opinion that by virtue of market share or number of users, Chrome and Opera are the best examples of security by obscurity.
Lastly, based upon the body of evidence that I have read to date as well as the determination of commonly recurring exploits, I have concluded that other than html which is a necessary evil, disabling or blocking ActiveX, Adobe Flash Player, inline frames(Iframes) and JavaScript(JS) will effectively lessen the impact or negate the consequences of drive-by-downloads, zero-day/hour exploits or vulnerabilities and cross-site scripting(XSS) attacks and provide some protection against cross-site request forgery(CSRF) attacks. It has been my experience, at least in regards to Opera, that disabling JS breaks too much web functionality. A good compromise that I have found to close the gap in security between having JS disabled or "fully" enabled is to leave JS enabled and employ the use of Opera privacy/security specific user scripts along with disabling flash and iframes.
Peace & Gratitude,
CogitoErgoSum