Microsoft's Emergency Internet Explorer Patch Renders Some Lenovo Laptops Unbootable (betanews.com)
Earlier this month, Microsoft issued an emergency patch for Internet Explorer to fix a zero-day vulnerability in the web browser. The problem affects versions of Internet Explorer from 9 to 11 across multiple versions of Windows, but it seems that the patch has been causing problems for many people. Specifically, people with some Lenovo laptops have found that after installing the KB4467691 patch they are unable to start Windows, reports BetaNews.
That is all.
If an OS stops booting because of a web browser then you know it's built on shit coding practices.
Stating a device is not bootable is far different than stating that an operating system is not bootable. The headline alone implies that a Windows update bricked laptops, which isn't true at all.
Remove Windows, install real OS. Problem solved.
"Here! Here's a badly needed security patch for a web browser. Oh - your computer won't boot even to the OS level? Sucks to be you." I've been MS-free for about 15 years now, migrated a bunch of friends and family to Linux and we just couldn't be happier.
I could understand if a patch to MS-IE were to make IE not work with some hardware configuration ... but why should this stop a machine from booting ?
This was a security issue ... it appears that MS has code spanning user & kernel space and, what should be, a user space fix is partly in the kernel. Presumably this is to try to squeeze a bit of performance, but all that it does is to produce fragile systems.
Separation of different code modules that do different things is one of the really basic concepts in programming, it appears that this does not happen at MS. Why not ? What on earth are these guys smoking ? (Cue the MS apologists who will burble some sorts of excuse.)
Another demonstration of the fact, which Microsoft's execs testified to under oath, that IE hooks into the operating system in ways that other browsers do not. This makes security issues in IE more dangerous.
A bug in Chrome, or even randomly deleting Chrome files, doesn't make Windows unable to boot. No Firefox bug can ever make the system unbootable. Trying to fix IE makes the system unable to boot, because IE has its claws sunk into the operating system.
Therefore security issues in IE are more likely to affect the underlying operating system. Whenever I mention that on Slashdot, people agrue, saying I'm wrong. But here we see that trying to fix a security issue in IE makes the OS unbootable - IE security is tied into the OS. That's one more reason to avoid using Microsoft's browser.
so they could skirt around European anti-trust rules that said they couldn't bundle a competitive product with an unrelated product (since that would be an abuse of their de facto OS monopoly). This way they could go to the EU and say "See, it's not that we're bundling IE with Windows in order to leverage our monopoly and break open Internet standards, it's just ever so crucial to our OS". Worked too. The downside is every time IE breaks it takes everything with it.
Take a bad engineering decision by Microsoft and you'll almost always find evil, and not incompetence, at the heart of it.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
It seems to me that Microsoft's top management is utterly incompetent.
Microsoft: No one is managing well?
then again you could get the same level of security by repeatedly hitting it with a sledge hammer.
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
Yeah :/
Spoilers: it turns out that Microsoft has adopted systemd!
"IE has its claws sunk into the operating system.
Therefore security issues in IE are more likely to affect the underlying operating system."
That seems correct to me. It seems that everywhere we look, we find that Microsoft is managed poorly.
I agrue with you.
They'd tell you to... run their antivirus, reboot 5 times, remove all custom installed software, clean your cookies, change your mouse driver, then when you're about to scream... reinstall windows. You'd have better tech support from answering the phone... "This is windows calling, your computer have virus"
So according to https://support.microsoft.com/... it's:
1. Vendor-specific (Lenovo only)
2. Dependent on the amount of memory (systems with less than 8 GB of RAM are affected)
3. Somehow related to Secure Boot (disabling Secure Boot is listed as a workaround)
And all the trouble is caused by patching a web browser (however deeply integrated with the operating system)? What the hell?
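A triage check for the three conditions listed in the comment above, as an added example that is not part of the original thread or of Microsoft's guidance. The function name and output property names are hypothetical; the KB number comes from the story summary and the Lenovo, 8 GB and Secure Boot conditions from the comment. Run it elevated so the Secure Boot state can be read.

```powershell
# Added example: report whether this machine matches the conditions named in the thread
# (Lenovo hardware, less than 8 GB of RAM, Secure Boot enabled).
function Test-LenovoBootIssueExposure {
    [CmdletBinding()]
    param(
        # KB number as given in the story summary; override to check another update.
        [string]$KbId = 'KB4467691',
        # Threshold from the comment: systems with less than 8 GB of RAM.
        [double]$RamThresholdGB = 8
    )

    $system = Get-CimInstance -ClassName Win32_ComputerSystem

    # Sum installed module capacity. Win32_ComputerSystem.TotalPhysicalMemory reports
    # memory usable by the OS, which is slightly under the installed size and would
    # misclassify an 8 GB machine as "less than 8 GB".
    $installedBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum
    if (-not $installedBytes) {
        # Some virtual machines expose no Win32_PhysicalMemory instances.
        $installedBytes = $system.TotalPhysicalMemory
    }
    $installedGB = [math]::Round($installedBytes / 1GB, 2)

    # Confirm-SecureBootUEFI throws on legacy BIOS systems and when not elevated.
    # $null means "could not determine" and is treated as possibly enabled below.
    $secureBoot = $null
    try {
        $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = $false   # not a UEFI system, so Secure Boot cannot be on
    } catch {
        Write-Warning "Secure Boot state unknown: $($_.Exception.Message)"
    }

    $isLenovo = $system.Manufacturer -match 'LENOVO'
    $lowRam   = $installedGB -lt $RamThresholdGB
    $kb       = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Manufacturer      = $system.Manufacturer
        Model             = $system.Model
        InstalledRamGB    = $installedGB
        SecureBootEnabled = $secureBoot
        KbInstalled       = [bool]$kb
        # All three conditions from the comment; unknown Secure Boot counts as a match
        # so the machine is held back rather than silently passed.
        MatchesConditions = $isLenovo -and $lowRam -and ($secureBoot -ne $false)
    }
}

Test-LenovoBootIssueExposure
```

A machine where `MatchesConditions` is true and `KbInstalled` is false is a candidate for holding the update until the vendor guidance has been reviewed.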
Because when MS said that shit during their anti-trust trial, people didn't believe them.
People thought they just added some hooks that didn't do anything, so that they could say it. They didn't think they really believed it was a good idea, or that they were going to not only do it for real but still be doing it twenty years later.
" If you want to maximize profit based on customer lock-in to a complex integrated monolithic system, it is good practice."
That is long-term abuse. Eventually markets find ways to navigate around abuse. Maybe ReactOS?
Run Windows programs under Linux? How to run Windows software in Linux: Everything you need to know. (March 23, 2015)
A later story: How to Run Windows Programs on Linux? (August 10, 2018)
More than two decades after releasing IE they're still patching it and still not getting it right.
Your PC won't boot, leaving your basement pitch black.
You are likely to be eaten by agrue.
They make a patch that borks a whole system.
Corporatism != Free Market
Another less known side of the story of IE considered being necessary was there was a *ton* of business/enterprise software that just embedded IE as a general text editor and/or display window. Getting rid of this would downright cause that software to crash because it's running on windows, and windows always has IE. Can you imagine some businesses getting a forced update that removed IE and then business ground to a halt? oh right, windows does that anyway.
That's one more reason to avoid using Microsoft's browser.
I'm not disagreeing with you, but HOW does one "avoid using Microsoft's browser?"
TFS doesn't say that actually USING IE smoked the OS. The UPDATE did.
Before this incident, I would have been one of the jerks pointing out to you that MSFT was, by litigation, forced to decouple IE from the OS.
You're right and I was wrong.
Thanks.
It little behooves the best of us to comment on the rest of us.
The sick reason why this is so. They built elements of internet explorer into the OS so that firefox and chrome would appear to load and run slower than internet explorer because elements of internet explorer are already running in windows. This was like delayed start for service in windows, ohh, look windows loads faster but whoops, it won't run apps tied to those services that have not started yet but M$ can brag how fast the windows GUI boots even though you can not run apps, until delayed start services have started.
Chaos - everything, everywhere, everywhen
"That's one more reason to avoid using Microsoft's browser."
;^)
That's one more reason to avoid using ANYTHING Micky$oft sells / gives away / steals / copies / etc... !
That's also reason for all Third-Party Windows Applications to release a version for Linux!
That's one bonus for Microsoft.
Historically, how it happened was in the early 1990s, before the web, Microsoft spent a ton of money building a really cool technology. The sudden rise of the web screwed up their plans and they had to scramble to try to salvage some of their investment.
They had something called OLE, Object Linking and Embedding. Basically it let you put one document inside another - a picture inside a spreadsheet, a song in a Word document. Microsoft spent lots of money and time building on this idea, it was their "big new thing", an OS (shell) and programming tools built around this concept. This next generation of OLE was called COM. Just before the release in Windows 95, something interesting happened.
As Microsoft was about to start the big PR blitz showing how not only could your Word documents contain pictures, but even your desktop could contain active programs, along came "IMG src". Even "TD IMG src" - you could have a table with an embedded picture with no proprietary Microsoft technology needed. Microsoft's "big new thing" was suddenly outdated as an overly complex, over-engineered mess just as it was released. Fuck! Literally there were a lot of Fun bombs at Microsoft when they saw the rise of HTML, with its simplicity.
So here's Microsoft with a billion dollars invested in a system for embedding pics in your documents and your desktop, suddenly not needed because HTML does documents with embedded pics and sounds so much simpler. What can Microsoft do to save their investment?
The route they chose was to rename COM to "ActiveX" and pitch it as a web technology. Internet Explorer became the most important ActiveX container. Instead of focusing on an Active Desktop, the sales pitch was to use this on the web, with ActiveX web pages. What was originally supposed to be done by the File Explorer shell now needed to be done by the browser, so the two projects merged to become Explorer. The desktop shell Explorer and the browser Explorer were the same code with a different wrapper.
Over time, the competitive issues you pointed out became more important.
Someone may point out "that was 20 years ago". Yes, it was. This post is a history lesson in how we got here.
Buy more RAM.
And say it?
Is 2019 finally the year of the Linux desktop?
2019 is the year of the Windows bricktop. Bazinga!
WARNING: Smartphones have side effects--most of them undocumented.
It doesn't make the laptops "unbootable", it just makes it so that Windows can't boot.
That's not unbootable: That's an opportunity to install Linux. Problem solved!
Sometimes the "writing on the wall" is blood spatter...
They made it hook in in response to the Netscape trial for Microsoft's competitive practices with marketing Internet Explorer. Netscape was trying to get the result of forcing Microsoft to remove the browser from the OS so they would compete on an even field. Bill Gates ordered them to make it where that couldn't be done. Microsoft had already made this argument in court but Netscape was able to prove they were lying. This led to Windows Millennium that they backported this "feature" to Windows 98.
"Be particularly skeptical when presented with evidence confirming what you already believe." -
I strongly suspect that making IE tied into the OS was for political reasons. More exactly, in the 2001 antitrust lawsuit Microsoft claimed that IE was inextricably linked to the OS. Someone (sorry, can't remember who) debunked that and showed a version of Win9x that ran just fine without IE.
I guess that Microsoft decided to make IE and Windows really entangled after that, so they would not be caught with the same lie again. But design-wise, that is a bad idea. More modular and less entangled code is easier to maintain and tends to have less bugs. I guess the current problems are a late consequence of the politics-driven design decisions of 20 years ago.
C - the footgun of programming languages
It is nice to get yet further proof that you guys remain as reliable in your behavior as ever.
What the hell is an "agrue"? Is it similar to an alot?
What QA? MS got rid of its QA years ago!
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
That's one more reason to avoid using Microsoft's browser.
That's one more reason to avoid using Microsoft's operating system, too.
I know it's fun and exciting to blame a web browser hotfix for a booting problem..... especially when it's Internet Explorer, right? But..... ahhh, shit, hate to spoil the fun, but this is just another case of "journalists" not doing the bare minimum of reading before shitting out another article they'll get paid $10 for.
This booting problem with Lenovo laptops has existed for a month and a half -- it was introduced in the November 2018 cumulative security update. It even says so right there in the patch notes! But because these "journalists" don't know how to read anymore, we end up with Slashdot articles like this one that don't have the correct information in them.
All Windows patches are now cumulative, so sure, if you apply the IE hotfix to a machine that is three months behind in updates, then you can hit this problem. But it's not the IE part that's causing it.
Windows Explorer aka File Explorer is the program which displays the desktop, start menu, taskbar, etc. It's what you see when you run Windows. Starting with Desktop Update (September 1997) and Windows 98, Explorer was actually displaying web pages when you navigated through your files. Settings for a folder, such as "show hidden files" were implemented as changes to the underlying web page. So at that point the Windows shell, the part of Windows you see, was implemented as a program for displaying web pages - a web browser. It also got back and forward buttons, etc, at this time. This also introduced Active Desktop, a web page as your desktop (which means your shell must be a browser).
That was all four years before 2001. Over the next few years, there was further convergence.
As far as "proving IE could be removed", you're probably thinking of the Felten testimony. Netscape had Felten testify that Microsoft *could have* built a version of Windows without IE. He based this on Felten "removing" (disabling) the internet functions of Windows, while maintaining minimal non-internet functionality. There are two big things to note about what Felten did. First, parts of IE he simply hid, he didn't remove them. Secondly, he removed system functionality - the most obvious, but not most important, being Active Desktop. Essentially Felten proved that you can hide the desktop and start menu shortcuts for IE. Which is different from actually removing IE.
I'm no fan of Microsoft - I didn't allow any Windows devices on the company network during the years I had the authority to make that decision. (It was a security company). On this point, it's true that IE couldn't be *removed* without significantly affecting the OS.
I don't understand the complaints about this. IE is now secure on the computers that cannot boot.
Just before the release in Windows 95, something interesting happened.
Your timeline is skewed. Active Desktop took place in Windows 98 with IE4. Then you go with
So here's Microsoft with a billion dollars invested in a system for embedding pics in your documents and your desktop, suddenly not needed because HTML does documents with embedded pics and sounds so much simpler. What can Microsoft do to save their investment? The route they chose was to rename COM to "ActiveX" and pitch it as a web technology.
That isn't what ActiveX is at all. It was an extension of COM to allow scriptability to the system. IDispatch. COM objects could now be usable in a type indifferent scripting language. They shoehorned this into the web, but it was and is a very large part of the Windows Explorer Shell. A common platform. Something Linux still struggles with.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Thank goodness I don't ever use Explorer.
Just cruising through this digital world at 33 1/3 rpm...
Mod parent up, STAT!
Just cruising through this digital world at 33 1/3 rpm...
It is as the Lord of the Rings, an unique ring that rules every.
M$ is the Lord of the Keys, an unique key that rules every.
Yes! M$ is the only owner of every the modern PCs in the world.
When M$ is extinguished, every the modern PCs will become uncontrollable because its owner is extinguished forever.
Billions of modern PCs will become trash and billions of $$$ lost.
Here's an article that Microsoft added to MSDN in 1995.
The second half of the article covers iDispatch, a style of COM interface.
https://web.archive.org/web/20...
Here's the 1996 Microsoft announcement officially announcing the ActiveX name and their strategy for presenting it as a web technology, in which they say "ActiveX controls (formerly COM components)". The Microsoft announcement says thousands of COM/ActiveX components were already available, but could now be used in the web browser (IE 3.0).
According to Microsoft's announcement, "ActiveX controls" were formerly called "COM components". According to their announcement, many companies had already been making them, as "COM" for desktop software, prior to IE 3.0 supporting them and the change to the ActiveX branding.
One reason I remember this so clearly is that I was one of the people making COM components at the time it was rebranded ActiveX. I know I didn't have to change my software in order to make my existing COM components, including a styleable linear "slider" control I designed, into ActiveX components - the only change was the branding.
You are correct that Active Desktop was September 1997.
Your PC won't boot, leaving your basement pitch black.
I got vintage lava lamps in my basement. Goes good with the wood paneling & green shag carpeting.
I forgot to include the second link.
https://news.microsoft.com/199...
It's a PR puff piece, of course, so you can filter through the hype to get the information. The summary of that is:
Existing ActiveX controls (previously known as COM components) which were created for desktop applications are now supported in IE.
What is mind boggling is why they were so stubborn to change course and made themselves become increasingly more unpopular as they tried to force the ideas they wanted on everyone who did not want it. Really lost their customer focus and become unreliable suppliers. I liked all things M$ once, no longer, they seem not to be able to correct their mistakes and take on a greater customer focus. Instead, locked into forcing what they want on their customers but then they are not the only tech company to fall into exactly the same hole and just keep digging and digging as fast as they can, same crap warranties, same marketing lies, same dodging responsibility for major failures and same attitude to change, only when it is too late to work, only once they are forced.
Chaos - everything, everywhere, everywhen
everyone seems to forget it only happens on Lenovo laptops so maybe the flaw is with them mostly. And not MS this time around.
Everyone is a failed propaganda artist on the internet.
He left out the greater context in which this was happening. Netscape was the dominant browser from 1993-1998. You had to pay to buy Netscape during this time, just like buying Photoshop or Office. IE wasn't included as part of Win95, and as a standalone product it wasn't very successful.
Gates didn't believe in the Internet. Microsoft had bet on the CompuServe/GEnie/AOL model of global networking - where people paid to dialup to portals set up and controlled by one company. MSNBC was originally Microsoft's (and NBC's joint) foray into this model. That's right, you initially had to subscribe to MSNBC in order to view its content. As a result, Windows was late getting a TCP/IP stack (necessary for Internet) built in (it was included with Win95). Microsoft was very much a follower on everything happening on the Internet, like the web (which became big in 1994). Microsoft couldn't stomach the idea of someone else controlling the web, so they went for the jugular. They included IE for free with Win98, thus choking off Netscape's revenue stream. What Microsoft had done to Stacker was still fresh in everyone's minds. (Stac came up with the idea of disk compression. When Microsoft was unable to come to a licensing agreement with Stac, they built their own version and included it for free with MS-DOS, thus killing off the sale-ability of Stac's product.)
Bundling IE with Win98 for free would of course raise the same legal issues the Stacker case raised - whether Microsoft should be allowed to use profits from DOS/Windows to subsidize development of products which competed with existing products which ran on DOS/Windows. There was a possibility a court would order Microsoft to unbundle IE and sell it separately in competition with Netscape. So to stave off that possibility, they did everything they could to tie IE as deeply as they could within Windows. That way they could honestly argue in court that it was impossible to unbundle IE from Windows.
And that deep embedding to prevent a court from thwarting their ploy to kill off Netscape is why an IE patch today can make Windows unbootable.
The COM and ActiveX stuff is relevant because Microsoft realized that if the world moved from DOS/Windows apps to generic web-based apps which could run on any OS as long as it had a compliant browser, nobody would pay for DOS/Windows anymore. So they set out to take control of web-based apps with ActiveX. (As it turned out, the performance hit for running a web-based app was big enough that it didn't really become competitive with native OSes until the mid-2000s, about the time Flash and Java came into their own.)
One mitigation that I saw listed was removing access to jscript.dll until the system in question could be patched. That makes me wonder if Lenovo built something using a scripting engine included with the OS, then had it yanked out.
fencepost
just a little off
As always with Microsoft, they just copied existing technology and bought up firms.
That would be OK... the problem is that they always acted like *they invented* it too! So much so, that people (like you) actually spread that revisioned history too!
I don't blame you, btw. I used to say "But they didn't copy $x!" too. E.g. for ActiveDirectory. But for every single case, I later found out that it was a mere copy. (AD is just LDAP+Kerberos+CIFS+DNS. CIFS was by IBM, like Windows NT aka OS/2, btw.)
Can't agrue with that.
Escher was the first MC and Giger invented the HR department.
I remember the Billy Gates TV commercials (anyone else remember them like I do) with Billy
sitting by a fireplace with Ballmer throwing stacks of mustard colored wrapped bills into the fire
to give it that nice warm glow, explaining how at MicroSoft, they develop high quality software
and the "Best Is Yet To Come." Sometime around 2000, I think.
Well, we're here and the Best is here - deal.
CAP === 'coacher'
It's amazing how that piece of history has been forgotten by so many people. Bill was "bought up" on the /
from the BBS culture, so he only believed that that model would continue to expand and centralize. And he
(probably / most likely) thought MS should be at the center of that growth.
Thank God for companies like Sun Microsystems, SGI, et. al. that continued development in TCP/IP (and the /..
internet in general), cause if it wasn't for them, we'd be dialing in somewhere to post on fine sites like
CAP === 'capitals'
Since this patch, my work laptop will no longer shut down or log out cleanly, I have to press and hold the power button.
Since this patch, I can no longer access the terminal servers I need for some of my work.
Since this patch, various intranet pages (which need IE to work) get stuck indefinitely when loading.
Thanks Microsoft.
I'll try a complete rebuild/reinstall in the new year (got other problems from before this patch like Outlook won't go online).
Lenovo isn't exactly trustworthy. They've packed spyware and rootkits into their products before, and probably still are. What do you want to bet that these laptops aren't booting because Lenovo is doing something naughty?
I'm typing this comment into a Lenovo ThinkPad X61 convertible laptop. Its mainboard has two RAM slots that officially take modules up to 2 GiB, for a total of 4 GiB. So after I have followed your advice to buy more RAM, where should I put it so that the computer can use it?
No Firefox bug can ever make the system unbootable.
Isn't Mozilla still installing that Maintenance Service with admin privileges?
Windows has at least one, probably more kernel hacks in the TCP/IP driver. If you do some etherPeeking at a web session, you might notice that most browsers do the classic handshaking on connection startup, where the browser has to be context switched at least twice to get through the preliminary folderol. But IE somehow uses some bag on the side of the TCP driver where it can avoid a context switch and speed up the initial handshaking and initial GET down to one OS call. Pretty clever and sneaky and unlike any other TCP/IP stack I've ever heard of.
Why does installing a patch to an application require a reboot? Why does installing a patch to an application render the OS unable to boot? Is the Windows architecture as bad as it appears to be?
"You screwed me over, Microsoft! I'll be reinstalling your shit soon! I'll never consider switching to Linux! That'll show you, Microsoft!"
Notice shills are silent against history.
Just another example of Intel taketh and Microsoft taketh away.
In this post, AlanObject agrued with me:
https://slashdot.org/comments....
I said "during the primaries, only Trump polled lower than Clinton". He replied "you're so full of shit - Clinton polled better than Trump, you moron".
He said I was totally wrong, while stating that what I said was exactly right. He argued/agreed with me. He argued.
Or maybe it's just a typo. :)
That should be:
He argued/agreed with me. He agrued.
First reaction: HA! Microsoft is at it again.
Second reaction: Wait, did you say Lenovo laptops? Those guys who would brick your motherboard if you turned on Thunderbolt assist in _their_ BIOS? OK, maybe it's not Microsoft's fault this time.
"Everybody's naked underneath" -- The Doctor
While you're not wrong, you're not right either. The interaction between IE and Windows does mean that they are likely in some cases to share some code that could cause bugs or security issues to propagate between them.
It does however not mean that every security bug in IE is a Windows bug. It also doesn't mean that fixing bugs in IE automatically has an effect on the OS.
And given that this only affects Lenovo laptops what's the bet that this bug didn't affect Windows in the slightest, but rather Lenovo shitware that has been using undocumented "features" specific to their laptops only. Sounds more like a laptop vendor depending on IE than Microsoft.
This was like delayed start for service in windows, ohh, look windows loads faster but whoops, it won't run apps tied to those services that have not started yet but M$ can brag how fast the windows GUI boots even though you can not run apps, until delayed start services have started.
Good. Not all apps depend on all services. There's no reason why e.g. Word should not run just because Windows doesn't have the network card up and running. Sequential booting is a relic of the 90s and we're all glad to be rid of it.
> It does however not mean that every security bug in IE is a Windows bug.
Right, every week when there's another IE bug you don't know whether it provides the attacker access to exploit the kernel or system shell. Some do, some don't.
Contrast a Firefox bug. That's going to affect Firefox. Never the operating system.
"No Firefox bug can ever make the system unbootable"
a bug in the firefox updater (which runs with elevated permissions) could hose the system though
This didn't happen to the overwhelming majority of computers that received the patch, it happened to a specific subset. So it didn't brick the OS it bricked some vendor that did non-standard things to the OS.
And your argument that an OS shouldn't have deep browser hooks is ridiculous, unless you don't believe Chrome OS or FireFox OS are valid OS'.
Code re-use is a good thing. If a modern browser includes 2/3rds of the things necessary for an entire OS, why not make it the basis of an entire OS (obviously Google and Firefox thought this was a good idea).
It doesn't inherently make you less efficient or secure. It's just a different way of doing things.
> Your argument that an OS shouldn't have deep browser hooks is ridiculous, unless you don't believe Chrome OS or FireFox OS are valid OS'. ..
> obviously Google and Firefox thought this was a good idea).
Just so I understand, your argument is that ChromeOS and FirefoxOS are the best operating systems, and every operating system should try to be like FirefoxOS, because it worked so well?
Because it has worked for Microsoft.
The question is: why do people accept the shit that Microsoft shovels their way?
The real "Libtards" are the Libertarians!
You are comparing a gimped locked down "internet computer" to a full fledged desktop? What are you smoking? Of course they are hooked into their browsers. The whole OS is built around using the web to access apps.
There is a headless version of Windows Server that should allow you to run windows apps without IE, although IIRC, Quickbooks server relies on IE for remote connections, so your mileage may vary as to how viable headless windows is for running server applications.
Work bio at MMWD
Gentle User: "Install what with the who?"
It little behooves the best of us to comment on the rest of us.
That theory seems reasonable to me.
Lenovo Laptops Common Problems
1009 Lenovo Consumer Reviews and Complaints Quote: "Let me begin by saying I will never buy anything from Lenovo ever again. The only reason I bother to write this review is so that Lenovo can hopefully address some of the many problems within the company, which might help other customers avoid the same ordeal that I have experienced."
However, it seems reasonable that Microsoft would try all updates with commonly-sold hardware before releasing the updates. In this case, perhaps Microsoft did, but didn't have one of the Lenovo models that failed.
it was shit 15 years ago, it's shit now and it will be shit until the end of time
So lucky i'm on linux
Here we are again. Yet another update that shit all over the operating system. And people actually PAY Microsoft money for the operating system? Heh' Microsoft is laughing on their way to the bank. I have been updating my Xubuntu installation, whenever an update is ready, and have done it since 2016. I have never seen any issues like these. Do I have to remind people again, that they actually paid money for their operating system?!
MS is Bad. Lenovo is Bad.
Who thought the combination would work ????
aaaaaaa
Some do, some don't.
My point exactly.
Contrast a Firefox bug. That's going to affect Firefox. Never the operating system.
That depends entirely on what privileges you use to run Firefox. You are also abusing the timeline. Firefox was by far the last browser to implement sandboxed environments which means prior to Firefox 55 every arbitrary code execution CVE could affect any part of the system with the privileges of the local user which almost universally means the system is now no longer yours.
Don't get me wrong, integration is bad, but not integrating doesn't make it magically safe.