Given that Firefox aims to be a mass-market browser (used literally by millions), it cannot come with defaults too heavily weighted towards privacy/security. If it did, millions who prefer easy functionality to privacy or security would deem it "dysfunctional" and reject it. In the world of apps, it is an unfortunate reality that one must design for the lowest common denominator. The developers have no other choice, and there's nothing you or I can do about such default behaviour either. What we can do is harden our own installation to fill in the holes. The recommended add-ons do exactly this.
I suppose that it is just remotely possible that NoScript is itself a Trojan. I've deemed this to be so unlikely that I have no problem installing and using it. You have to make your own determination. Keep in mind that there is a point at which "security-conscious" becomes "paranoid". This point varies for each person. Not calling you paranoid. Just pointing out that we all have different tolerance for risk. But unless you are knowledgeable enough to comb through the source code, change to your liking and compile from scratch, at some point you have to just take a chance and go on trust. Personally, I already consider it fortunate that Firefox is sufficiently open to easily allow hardening.
I use links2 for all general browsing. It can't run scripts, nor support cookies. Ergo, instant solution to the two worst privacy/security holes in a typical browser. But it is bare-bones, butt-ugly and will raise howls of sneers and laughter from the eye-candy crowd. As much as I like it and love its philosophy, it will never be anything other than a niche browser loved by tin-foil-hat paranoid kooks like me. If you are concerned about installing a Trojan, you can download the source code, go through it with a fine-toothed comb and compile it yourself. For those slightly less paranoid:
Code:
sudo apt-get install links2
Edit:
links2 does sustain frames and images, but you must run it in graphics mode with the -g switch to get this functionality.