To be fair to the basic user, this is just one more reason for not using a network whose security you aren't confident in. Surely?
If that way of subverting the background insecure traffic is similar (as I read it) to sending 302s for traffic begun by the user specifically entering a request in a separate browser instance in the same session, where non-https traffic happens, ie 'surfjacking', then a secure VPN to subvert sniffing is yet another layer of protection to add to your other recommendations, but it matters little how many instances of Firefox are open.
However, for the careful browser interested in layers of protection, surely one can only trust the webmaster of a site just so far, in which case every layer of defence, including only being logged to a single site when sensitive data is involved - to obviate session riding in some manner by another website, is helpful. Not that I don't completely trust NS to prevent XSS and CSRF etc, but I don't completely trust the automatic functions of the Moz update machine to leave my addons untouched at any single update episode plus I don't trust myself to reliably prevent corruption of my Firefox install from all causes; it's happened to me once that NS load-on-start was corrupted by a EDIT: Firefox version update and I'd been navigating with a couple of windows open before the third one opened with all active content blazing and I realised that NS wasn't running.
So I still think it's a good use of Firefox with NS to only open a single instance when running a secure session, independent of how secure your network may be from sniffing.
If that way of subverting the background insecure traffic is similar (as I read it) to sending 302s for traffic begun by the user specifically entering a request in a separate browser instance in the same session, where non-https traffic happens, ie 'surfjacking', then a secure VPN to subvert sniffing is yet another layer of protection to add to your other recommendations, but it matters little how many instances of Firefox are open.
However, for the careful browser interested in layers of protection, surely one can only trust the webmaster of a site just so far, in which case every layer of defence, including only being logged to a single site when sensitive data is involved - to obviate session riding in some manner by another website, is helpful. Not that I don't completely trust NS to prevent XSS and CSRF etc, but I don't completely trust the automatic functions of the Moz update machine to leave my addons untouched at any single update episode plus I don't trust myself to reliably prevent corruption of my Firefox install from all causes; it's happened to me once that NS load-on-start was corrupted by a EDIT: Firefox version update and I'd been navigating with a couple of windows open before the third one opened with all active content blazing and I realised that NS wasn't running.
So I still think it's a good use of Firefox with NS to only open a single instance when running a secure session, independent of how secure your network may be from sniffing.