If you download the Microsoft® Windows® Software Development Kit (SDK) for Beta 2 of Windows Vista and WinFX Runtime Components, then you actually get the C++ compiler that includes support for the "preFAST" /analyze code analysis feature.

Normally, you'd only get this if you purchased Visual Studio Team System for lots of $$$.

I installed it, and managed to get Mozilla Firefox compiled (just a couple of patches required - problems with the new headers in the SDK conflicting with Mozilla code).

The easiest way to analyze the code is to edit your mozconfig file and add the following:

ac_add_options --enable-optimize="-analyze"

I've uploaded a build log that includes the various warnings. Many are spurious, so the trick is to weed out the noise and find the ones that are relevant.