They changed the extension model which broke the extensions using the old model. Many of the developers didn't have the resources to rewrite the extension from scratch, or the new model had restrictions that made what the extension was doing difficult to impossible, so they disappeared.
Mandatory sandboxing increasingly seems like a misfeature. Now you can't install an extension that does a lot of things that are useful, ostensibly to protect you from malware.
Optional sandboxing can be good because users can have more confidence that something can't hurt them. But it can also be bad because users will have more confidence that something can't hurt them, and then it does anyway.
Meanwhile the ability to exercise arbitrary permissions given the user's authorization is something we've lost. And what have we gained, when the user just runs how_to_actually_uninstall_mcafee.avi.exe and gets the malware regardless?
No, you can still grant permissions to web extensions, but the difference is that it's now explicit, and it is at least possible to design extensions with minimally-required privileges. This vastly reduces the blast radius of an extension publisher takeover or an insider attack, for example.
> what have we gained, when the user just runs how_to_actually_uninstall_mcafee.avi.exe and gets the malware regardless?
Nothing would happen if I double-click that file, since it doesn't run on my OS. On the other hand, a compromised browser extension could deal an incredible amount of damage to me.
Are you saying that because we can't protect all users from all harm, we should just give up?
> No, you can still grant permissions to web extensions, but the difference is that it's now explicit, and it is at least possible to design extensions with minimally-required privileges.
The problem is the reverse. Some permissions are now considered "too dangerous" for the extension, so there is no facility to grant them even if the user wants the extension to do that and it has a good reason to.
> Nothing would happen if I double-click that file, since it doesn't run on my OS.
In which case the website could have fingerprinted your browser and served you the one that does.
> Are you saying that because we can't protect all users from all harm, we should just give up?
I'm saying that we should give people the tools and information they need to decide if and to what extent they can trust something, instead of presuming to decide for them.
If XUL were to continue as it does on Pale Moon, here is no need for Web Extensions given they are a reduced subset in terms of functionality compared to the previous XUL/XPCOM versions.
And ironically for all the talk of making it more secure, the amount of cross browser malware has only shot up since Mozilla decided to dump XUL in favor of copying Chrome's extension system.
WebExtensions is Chrome based not standards based. And Firefox had sandboxed and unsandboxed extensions before.
What Mozilla promised would have been worth it. Parity with Chrome's APIs. APIs to support popular features of old extensions. Support for extension developers to develop new APIs. But they abandoned these promises.
And they managed the transition badly. They chose an arbitrary deadline before evaluating scope or designing a migration path. They held the arbitrary deadline as they missed estimates. Extension developers didn't know when or if APIs they needed would be implemented. And no version of Firefox supported old extensions and reasonably complete WebExtensions APIs. These decisions made many problems for developers and users. And this was shortly after many developers spent much effort making their XUL extensions multi process compatible or converting them to sandboxed extensions.
