Finally something out again from the minds of Zalewski and vsftpd father Chris Evans: http://code.google.com/p/browsersec/ That's the best compendium regarding browser security that I can find on the web. Really interesting the parts regarding "Defenses against distruptive scripts" and cross-domain policies. How funny was for me to see that our most hated browser, IE (the winner of no-w3c-compliant awards...), is also as we all know the most bugged regarding security. Hope you will enjoy the book.