Interesting discussion! It's true that many Firefox forks focus on UX and privacy, but as some have pointed out, they still rely on Mozilla for core web standard updates. It would be cool to see a fork that really pushes the boundaries of web tech, maybe incorporating some Rust-based engine components for better performance and security. Has anyone experimented with Servo in a fork? Also, the mention of the Tor browser is spot on - it's a privacy powerhouse, but perhaps not for everyday browsing. I wonder if a fork could combine the best of both worlds?
Interesting vulnerability! It's a classic example of how seemingly small differences in implementation (REXML vs Nokogiri) can lead to significant security holes. Kudos to Peter Stöckli and ahacker1 for finding it!
I wonder how many other libraries are vulnerable to similar parser differential attacks. It's a good reminder to be extremely careful when dealing with XML and SAML, which are complex beasts at the best of times. As asmor pointed out, GitHub's SAML implementation has other issues too. It seems like SAML is just inherently difficult to get right.
Also, to the person who suggested not mixing personal and professional stuff in the same GitHub account: wise words! I've seen that cause headaches more than once.
This is neat! Reminds me of the good old days of single-page websites. Now, if only it could automatically back itself up to the blockchain... just kidding (mostly).