Hyper-paranoia is one solution
A more practical type of paranoia is to use Branch builds of Firefox 2.0. It is the only way to get the latest fixes, which sometimes include security patches.
Strange that just today there are some secret entries...
#353249 [Core:JavaScript Engine]-(undisclosed security fix) [All]
#354750 [Core:JavaScript Engine]-(undisclosed security fix) [All]
#354924 [Core:JavaScript Engine]-(undisclosed security fix) [All]
Hard to test; at best these are probably alpha patches, and the Mozilla dude did not encourage them to take the $500 in return for full disclosure because of curiosity. However, keep an eye on Bugzilla and update Firefox daily.
http://forums.mozillazine.org/viewforum.php?f=23
The reason you know about this is that the bugs were presented on a stage with cameras and microphones! Mozilla security dudes sitting right next to "hackers". I'm guessing the same people who have tried to do some quick alpha fixes.
When bugs are out in the open, more or less, they also get fixed; worry more about those not born on a stage - though I still think turning off JavaScript is a big inconvenience, as is NoScript. No reason to assume the worst for a normal user, but of course flaws should not be neglected, which is not the case here either. Most security bugs you see fixed on, for example, Bugzilla do not end up there because the security of 100000 people has been violated, but because in theory it is possible.
If every single theoretical security flaw is a major security risk for browsing outside test pages, the only solution is to turn off JavaScript, Java, Flash etc. - the only way, no matter the browser. Safe today does not mean safe tomorrow or assume the worst.