...if I only run Firefox with NoScript plugin on a Windows XP SP3 limited account behind a firewalled router? That's all; no antivirus, no HIPS, no SRP, and no sandboxing. It's not a trick question, nor meant to be a joke. I'm only looking for any and all possible methods of how this setup could be compromised. BTW, with NoScript I would only allow top level domains, while the rest I would select individually to render the web pages as I see fit.