Many who have the power to challenge or act to fix this seem to be silently ignoring such facts and letting it go in it’s own way.
Reading your words again, I realized you were prophetic.
I opened a detailed bug report to Mozilla and cross it posted to Chromium.
Both are now closed without anybody saying if their users are vulnerable to such attacks or not. They are silently ignoring the security of their users.
I know I should open the same issue to other WHATWG members that are equally vulnerable… but frankly I have no energy left.
If this is Open Source, I have no hope to pass Microsoft or Apple support!
Is it just for convenience’s sake or for something behind the scenes?
Well… they literally said that “this is the Web functioning as designed”.
However, I’m used to fix my design errors when they open security holes!
What I hate here, is that I’ve been a Mozilla/Firefox advocate and evangelist for almost twenty years! So many people will remain vulnerable because I teached them to trust Mozilla!