Out of the box, IceDragon 42.0.0.25 routed DNS queries through Comodo’s SecureDNS servers (by default, unless manually disabled). This meant that even if you typed a malicious URL, the DNS resolver would refuse to resolve the address, effectively blocking malware command-and-control servers before the HTTP request was made.
If a page used Google Fonts but Google’s pin did not match the intermediate (some load balancers), Icedragon blocked the font and fell back to system fonts. This caused layout shifting. comodo icedragon 42.0.0.25
Many corporate IdPs rely on popups from one domain writing cookies for another. Icedragon’s cross-origin policy blocked any script-initiated cookie write from a lower zone to a higher zone. Result: SSO loops. Out of the box, IceDragon 42