[mattbasta]

For the same reason Facebook puts a big loud warning in the developer console. People will follow any instructions they're given. "Press ctrl+shift+I and paste this in the box and you'll get a free puppy" "Put this in your address bar and your crush will be revealed" "Go to about:config and double click this thing, and then click this link and we'll show you nearby singles that want to hook up"

Firefox add-ons essentially have full, unrestricted access to your computer. Locking this down good and well is pretty important.

[jMyles]

This argument doesn't really square with me.

Why not just remove sudo then?

Why give me any access to my computer at all?

[cpeterso]

Non-technical users do not use sudo, but they do use a web browser. Do you think Facebook add this JavaScript console warning for no reason at all?

   .d8888b.  888                       888    
  d88P  Y88b 888                       888    
  Y88b.      888                       888    This is a browser feature intended for 
   "Y888b.   888888  .d88b.  88888b.   888    developers. If someone told you to copy-paste 
      "Y88b. 888    d88""88b 888 "88b  888    something here to enable a Facebook feature 
        "888 888    888  888 888  888  Y8P    or "hack" someone's account, it is a 
  Y88b  d88P Y88b.  Y88..88P 888 d88P         scam and will give them access to your 
   "Y8888P"   "Y888  "Y88P"  88888P"   888    Facebook account.
                             888              
                             888              
                             888
  

See https://www.facebook.com/selfxss for more information.

[alexvoda]

I think this is unnecessary, especially in the land of FLOSS licensed software where the developer disclaims any and all warranties. Developers should focus on usability, and not on idiot-proofing software.

There is no way to guard against users installing malware themselves. No matter what kind of safeguards and check summing and signing you use for your application once a program has full access to a machine it can do anything, including bypass your safeties.

You can't fight user stupidity. In doing so developers do a disservice to their regular users. (The way Chorme prevents this issue is exactly an example of this because the app is no longer portable) No matter what kind of padding you add, stupid users will still manage to hurt themselves in the most unexpected and unimaginable ways.

I really despise this trend stared in the US and the rest of the western world where idiots sue companies for the effects of their own idiocy and this results in all kinds of redundant warnings on products that just serve to guard the manufacturer from stupid lawsuits. We should not strive so much to go against natural selection. Darwin awards exist for a reason.

[Manishearth]

Firefox actually has additional protection against such attacks. Minor annoyance for developers (who may not even hit it if they use the console regularly), but helps mitigate such attacks quite a bit.

http://inpursuitoflaziness.blogspot.in/2014/04/the-battle-ag...

[jMyles]

> Non-technical users do not use sudo, but they do use a web browser.

Your casual casting of a swath of the population as "non-technical" notwithstanding, the point is still sound: why do you think that it's worth gutting this feature as a safeguard against someone being fooled into navigating to "about:config" but not worth removing sudo for the same reason?

If someone can be persuaded to abuse "about:config", why not sudo?

[cpeterso]

90% of web users are on Windows, where there is no sudo. Malicious add-ons make money by injecting ads, overriding default search engine settings, capturing login credentials or even local files, or installing zombie spam relays. sudo is unnecessary for these attacks. How does one make money with sudo?

And as for locking down sudo, OS X is now "rootless" (System Integrity Protection) by default, preventing even sudo access from modifying some system settings.

[jMyles]

> 90% of web users are on Windows, where there is no sudo.

This argument is becoming increasingly specious.

Firefox is the default browser on Ubuntu, where there is sudo. So do you acknowledge that it is consistent to keep this preference in at least the linux version of FF?

[verusfossa]

Oh you're right! We need EME'd web assembly so Facebook can hide everything behind a proprietary binary blob. THEN the user will really be free from themselves and their own stupidity. \s