Here's the rundown of my suggestions, from easiest (and safest) to most difficult (and therefore potentially hazardous if the code isn't perfect) to implement:
- ECDSA Named Curves beyond the NIST three. This would be safe and easy because they're basically just different numerical parameters for different curve names. It's also creeped people out a bit that the only supported curves are NSA creations. Edwards curves would also be a nice allowance, but that requires more than just an extended select statement, so less easy and safe.
- CRC32 and MD5 digest support. This would be new code, but they're so well-known that it would be difficult to mess up these days. And while they're totally useless for cryptography, they're still both in regular use for error checking. And of course Gravatar is still MD5 based.
- ECC support. It seems really weird to me that signing was included when encrypting wasn't. This would require some actual new code, but if Mozilla did their job right with the ECDSA implementation (what are the chances of that, though?), it shouldn't be hard to stay safe. This provides the added bonus of only needing to generate one key for both signing and encrypting, and benefits from the prior EC suggestion as well.
- Popular password digest algorithms. The ones that are intentionally slow to make Rainbow Tables take forever to generate. Hashing tends to be less vulnerable to attacks, but this could still be a little too advanced of a step to make without expert oversight.
- Supersingular Elliptic Curves. This is likely to be much more difficult than anything else on the list and therefore has a much higher chance of adding vulnerabilities to the browser. However, we're heading toward a world with 100 qubit computers right now, and it'll only take a few thousand qubits to make RSA and ECC useless. We've got about ten years, at best, unless physics throws us a real curveball. Post-quantum cryptography should be the standard today, to prevent something stolen today from being exposed in a decade.
It might also be nice to include some symmetric key options other than AES, but that's akin to a whole new project as opposed to just improving what already exists, and would probably be best done by a team of cryptography experts.
And I know it's kind of a cheap way to do it, but it might also help Pale Moon get some media attention if it's the first browser to support one or more of these options.