by Manishearth 3525 days ago
> Even the linked article demonstrates the opposite

No, it doesn't. Servo is still chugging along. Firefox wants to get Servo's advances early.

> I have yet to see a concrete commitment from Mozilla that Servo will be fully utilized in Firefox.

Because Servo is a long-term project. And writing a new browser engine is hard, if you want to be 100% web compatible. Servo's getting there, but it will take time.

> We're still in security hell due to SM.

No, it doesn't. Content sandboxing is being actively worked on. Even if not, pcwalton already mentioned that SM and V8 are roughly on par wrt safety features (aside from sandboxing).

> Alternatively, you never let it get to the point where getting it down is essentially a no-op.

You have yet to demonstrate why you think Firefox's attack surface is that bad. You linked to a blog post which uses this (http://cyber-itl.org/blog-1/2016/8/12/our-static-analysis-me...) metric, which is light on the specifics (or reproducibility). ASLR and content sandboxing may be enough to bump Firefox back to the top. There's nothing there to convince us that the metric used maps well to real-world exploitability.