Hacker News
by zzzcpan 2726 days ago
> Just consider the case that a 0day drops, FF gets an urgent maintenance release

It's only urgent if the browser is adtech-optimized and delivers tons of random third-party JS, HTML on every page visit by default. Otherwise, with sensible defaults that block all that, the risk of exploitation of any 0day is too small to make it urgent.


There have been sufficient issues with libraries such as zlib and handling of various image formats. Running without js certainly reduces the attack surface substantially, but it’s not a full protection.
Yeah, image libraries are one of the reasons I disable images on all forums that I visit, apart from being tracked by random participants through image requests.