Pocket required essentially no work. They bought an existing service and stuck a fancy bookmark for it into Firefox.
And well, I'm mainly just repeating what Mozilla devs have said. They are deeper into the matter than both us, they can better judge just how much work it is. And it's easy to forget just how complex web browsers are. None of the major browsers use a browser engine which's development started in this millenium for exactly this reason.
I'm also not aware of Chrome being less explodable. I'd say, it's more explodable with its malware-filled extension store, default unencrypted sync service and annecdotally a vulnerability like this [1] being left unfixed for years and careless behaviour like this [2].
Firefox used to have a worse security architecture, but it's essentially equivalent now. The only real difference that I'm aware of, is that Firefox by default groups processes for tabs, meaning if a webpage manages to exploit a major vulnerability in Firefox to gain control of the process it's being executed in, then it has access to 1/4 of your tabs and therefore might potentially be able to steal sensitive data, whereas in Chrome it would then also have to exploit a vulnerability in the OS to do that.
Pocket required essentially no work. They bought an existing service and stuck a fancy bookmark for it into Firefox.
And well, I'm mainly just repeating what Mozilla devs have said. They are deeper into the matter than both us, they can better judge just how much work it is. And it's easy to forget just how complex web browsers are. None of the major browsers use a browser engine which's development started in this millenium for exactly this reason.
I'm also not aware of Chrome being less explodable. I'd say, it's more explodable with its malware-filled extension store, default unencrypted sync service and annecdotally a vulnerability like this [1] being left unfixed for years and careless behaviour like this [2].
[1]: https://github.com/anttiviljami/browser-autofill-phishing
[2]: https://www.wired.com/story/chrome-yubikey-phishing-webusb/
Firefox used to have a worse security architecture, but it's essentially equivalent now. The only real difference that I'm aware of, is that Firefox by default groups processes for tabs, meaning if a webpage manages to exploit a major vulnerability in Firefox to gain control of the process it's being executed in, then it has access to 1/4 of your tabs and therefore might potentially be able to steal sensitive data, whereas in Chrome it would then also have to exploit a vulnerability in the OS to do that.