[mcpherrinm]

Firefox used to be built in a custom markup language called XUL, which had a number of security issues over the years as it got less attention than the HTML, etc used to render page contents.

So this should help Firefox be more secure, by decreasing attack surface.

[noja]

But XUL was simpler, wasn't it?

[pcwalton]

Maybe marginally so in isolation? But that isn't the metric that matters, since a browser has to render HTML. HTML + XUL is more complex than just HTML.

[floatboth]

The article talks about XBL (the binding part of XUL?):

> There are hard to debug complications with binding lifecycles in our UI, and very few people know how it works.

> It adds enormous complexity to our platform in the frame constructor, style system, and the DOM implementation.