Or you can just do what I did: Delete all search engines from FX and bookmark Scroogle. Two clicks to search. End of problem. If you can’t manage the two clicks, there was code somewhere about how to add Scroogle or anything else to your search engine list. Search the MZ instructions.

[off-topic political commentary deleted --dveditz]

Browsers are already bloated, this is just adding to the problem and creating a patched solution for the underlying problem: web developers don’t use adequate tooling to prevent serving their users threatening content.

This is not a sensible solution.

As much as I prefer Opera as my main browser, I think you are somewhat disappointed by Firefox, for reasons I might understand. However, that isn’t a valid argument against the folks who are trying to implement a security policy -we (or almost) all- we’re waiting for. Content restriction is a serious and -by far- underrated issue that had to be addressed at some point. The day of the “happy open web” is over, it has become a landscape of marketeers and mostly profit making folks who aren’t interested in your well-being. The news hat Mozilla is taking the torch of content restriction is a good sign, and we should encourage that instead of radiating our personal opinions of Mozilla -or- Firefox. I know very well that hundreds of developers spent countless hours on Firefox, giving their free time to make a change on the web. Albeit, some choices of Mozilla will affect & influence security of the browser (like plugin support), one must not forget that you do have the ability to modify/adjust Firefox to your needs, the choice is given to you, whereas many other browser vendors limit this very freedom.

If a site has been compromised won’t the attacker just add their dodgy domain to the list of domains that are okay? So you could go to Google but also download the dodgy iFrame at the same time cause the modified CSP would say it is okay? I am trying to understand how the new protection would actually make me safer on the web.

We never said XSS protection was “enough”, but we can’t talk about everything all the time. In this post we’re talking about Content Security Policy. CSP has a different focus from the features you mention, which are about how a web surfer can customize their experience. CSP is focused on letting site authors declare the expected content of each page so the browser can help prevent unintended content from being injected.

Apart from CSP, plain vanilla Firefox can block cookies and images per site, and on a global basis you can disable JavaScript and Flash (and/or other plugins). You can also disable the Referer header but that requires twiddling an “about:config” settings. The average web surfer does not use those features, but yeah, if you’re in the power-user minority that needs more than that then you have to install an add-on to get the full per-site flexibility Opera has ‘out of the box’.

I don’t understand your complaint about the search engine choice. Like Opera we default to a Google search. Like Opera there’s a drop-down that lets you switch engines with a handful of preinstalled choices (a lot of the same choices, like Yahoo, Wikipedia, Amazon, eBay, Answers.com). Like Opera you can add more. We even provide a link to our addons site where we have hundreds of choices. And you can right-click on any search form in any page, anywhere to create a keyword search you can later access from the URL bar at any time

But really, if you prefer Opera that’s fine by us. A Firefox monopoly would be a failure of our mission to bring choice and innovation to the internet.

external active content (firewall)
hidden frames (firewall)
webbugs (firewall, pixel webbugs)
XXS protect (firewall)
add-servers, most Google shit (firewall)
modified Hosts file

and the possibility to choose our own search engine and not the ones that have been pre-choosen by Mozilla (i.e. Scroogle in stead of that
intrusive Google shit, which is the biggest thread to privacy ever !)
Mozilla sold out to Google, i never will.

Until that day arrives I will stay with Opera (10) (and never ever use Firefox) combined with webcontrol by a third party firewall.

Still a long way to go for Firefox intill it will be a secure browser.