> The hacker can probably still compile one by their own, but at least it will makes them pain in the ass.
I've compiled a branded build of Firefox myself, and it is as simple as setting a single flag at compile time. Almost trivial. The only protection that branding has is legal, not technical. If I tried redistributing the branded build then Mozilla might sue me. Do you think they will be able to sue malware authors when they do it?
There is absolutely nothing stopping a hacker from replacing or patching Firefox.exe with a branded version that will run their hostile extension. Even if they do not have write access to Firefox.exe, they can download it somewhere else and change where the shortcut points to. It would be almost impossible to tell the difference.
This is not a serious security measure.
But I think you are missing the bigger point here. If they can write to files on your computer, then it is far too late. They can encrypt and ransomware your documents, they can install a keylogger, and they may be able to extract all of your passwords and cookies from Chrome and Firefox.
It would be like if someone stole your car, but at least they don't have the keys to the glove compartment.
Not sure if that is what they do, but on many platforms, there is also code signing. E.g., even if you could trick someone to download your patched/hacked version of Firefox, I believe they'd get a warning on Windows that the software is unsigned.
I've compiled a branded build of Firefox myself, and it is as simple as setting a single flag at compile time. Almost trivial. The only protection that branding has is legal, not technical. If I tried redistributing the branded build then Mozilla might sue me. Do you think they will be able to sue malware authors when they do it?
There is absolutely nothing stopping a hacker from replacing or patching Firefox.exe with a branded version that will run their hostile extension. Even if they do not have write access to Firefox.exe, they can download it somewhere else and change where the shortcut points to. It would be almost impossible to tell the difference.
This is not a serious security measure.
But I think you are missing the bigger point here. If they can write to files on your computer, then it is far too late. They can encrypt and ransomware your documents, they can install a keylogger, and they may be able to extract all of your passwords and cookies from Chrome and Firefox.
It would be like if someone stole your car, but at least they don't have the keys to the glove compartment.
It is not a justification for Mozilla is doing.