What you are looking for is largely implemented using SELinux policies and extended attributes to
files that include security tag information. SELinux policies are being pushed into X and used to
manage Firefox as well as most of the other network connected software on your system. This has
largely already been accomplished, if you are running a reasonably recent copy of Fedora (from the
last several years) all this stuff exists and is enabled by default. As long as the applications behave
and the policies are right the underlying protection is pretty unobtrusive.
While we stand around and talk about how browser and desktop security should work in the future,
others are actually taking care of the problem and before anyone realizes it has happened it will all