
View full version: Browser Security Handbook (what, how and where)



PavelA
18.02.2009, 12:54
An article in English about the various security settings in browsers.
http://code.google.com/p/browsersec/wiki/Main

Table of contents of one of the sections:
Standard browser security features
Same-origin policy
Same-origin policy for DOM access
Same-origin policy for XMLHttpRequest
Same-origin policy for cookies
Same-origin policy for Flash
Same-origin policy for Java
Same-origin policy for Silverlight
Same-origin policy for Gears
Origin inheritance rules
Cross-site scripting and same-origin policies
Life outside same-origin rules
Navigation and content inclusion across domains
Arbitrary page mashups (UI redressing)
Gaps in DOM access control
Privacy-related side channels
Various network-related restrictions
Local network / remote network divide
Port access restrictions
URL scheme access rules
Redirection restrictions
International Domain Name checks
Simultaneous connection limits
Third-party cookie rules
Content handling mechanisms
Survey of content sniffing behaviors
Downloads and Content-Disposition
Character set handling and detection
Document caching
Defenses against disruptive scripts
Popup and dialog filtering logic
Window appearance restrictions
Execution timeouts and memory limits
Page transition logic
Protocol-level encryption facilities