Post from 2024-06-22 09:41:11

@postmodern @todd_a_jacobs From the top of my head (and skimming through the Attack&Defense blog) FF definitely employs fuzzing[1], audits their code[2] and last time I checked you could even collect bounties by running ASAN-enabled nightly builds (bug enrichment+telemetry). Edit: here’s also something[3] about the FF sandbox.

There are certainly differences between Chrome, and I mostly agree with the general point you are trying to make, but without specifics this is just FUD. Also, having a beef about an org not porting an entire browser to Rust just tells me you don’t really grasp the complexity of such a task (neither do I btw).

[1] This is just one of many examples: https://blog.mozilla.org/attack-and-defense/2021/05/20/browser-fuzzing-at-mozilla/ See also: https://bugzilla.mozilla.org/buglist.cgi?quicksearch=fuzzer

[2] How is this even a question? Example: https://blog.mozilla.org/attack-and-defense/2021/11/03/finding-and-fixing-dom-based-xss-with-static-analysis/

[3] https://www.youtube.com/watch?v=StQ_6juJlZY
