[jxn]

Eventual security, perhaps, but that's a loooong stretch-goal. The fact of the matter is, even Servo, which is written-from-scratch and lacks all the UI goodies, is only a fraction Rust. It'll be a long time before supported libraries could be rewritten and rust, and I reckon a rewrite of all these things is likely to cause more new human-error security flaws than it will eliminate pointer/memory related security issues. In the (very) long run, though, I agree.

[pcwalton]

I don't think that's true for layout/graphics at least. Generally, the worst that can go wrong for incorrect layout, beyond memory safety, is that a box ends up in the wrong place, or the engine harmlessly panics with a crashed tab. There can be spoofing issues with boxes being drawn in the wrong place, but those are minor compared to RCE.

[MichaelGG]

What percentage of critical vulnerabilities in Firefox were due to memory safety issues? Is it changing dramatically?

[pcwalton]

> What percentage of critical vulnerabilities in Firefox were due to memory safety issues?

The vast majority of them.

(I haven't done the exact analysis, but I have performed similar ones and the fact that memory safety issues dominated was clear. Note also that I am not claiming that solving memory safety issues is a panacea. "Merely" that we're defending against the vast majority of critical security vulnerabilities.)