by Xylakant 2723 days ago
Go ahead. Really. You’ll quickly find that even just forking and building and distributing your releases for every FF-Release (not to speak of keeping your patches up-to-date) will consume a substantial amount of resources. Just consider the case that a 0day drops, FF gets an urgent maintenance release at what’s midnight in your TZ and your patch doesn’t apply cleanly. That’s why every time something controversial happens there’s talk of “it’s time to fork” and no real, sustainable fork appears.

> Just consider the case that a 0day drops, FF gets an urgent maintenance release

It's only urgent if the browser is adtech optimized and delivers tons of random third-party js, html on every page visit by default. Otherwise, with sensible defaults that block all that, the risk of exploitation of any 0day is too small to make it urgent.

There have been sufficient issues with libraries such as zlib and handling of various image formats. Running without js certainly reduces the attack surface substantially, but it’s not a full protection.

Yeah, image libraries are one of the reasons I disable images on all forums that I visit, apart from being tracked by random participants through image requests.