I'd be curious whether the DLLs for graphics drivers count as 3rd party or not as the only non-windows DLLs I saw on my `about:third-party` page were nvwgf2umx.dll and nvldumdx.dll which are both part of Nvidia's gpu drivers (presumably for hardware acceleration).
I also see Intel IGD and AMD stuff in the list on my machine. According to the article, they are considered to be 3rd party libraries: "other uses include hardware drivers" and "any DLL not digitally signed by Mozilla or part of the OS" are the relevant quotes.
So why are AMD, Intel, and Nvidia shipping improperly designed DLLs as part of their drivers? That's a larger red flag than anything involving Firefox.
I know some people consider proper binary signing difficult on Windows and find the UAC prompts annoying, but those are multi-billion dollar companies, I'm pretty sure they can figure it out.
If anything, Firefox shouldn't be the one doing this, Windows itself should be preventing loading of unsigned/improperly signed DLLs without a UAC prompt.
> why are AMD, Intel, and Nvidia shipping improperly designed DLLs as part of their drivers?
Nvidia are notoriously .. not good, but a substantial part of the 3D API runs client-side userspace, and a substantial part of the huge NVIDIA "geforce experience" is a set of game-specific patches, because NVIDIA have their own opinions on how to optimise for framerate.
It also provides a whole bunch of features! There's an entire overlay screen you can bring up with screenshot/video recording options, camera effects for screenshots, etc.
(also top tip even if you don't have NVIDIA - try pressing Win-G in random applications to see if they count as "games" which will let you use the DirectX screen recorder provided by Windows)
> Windows itself should be preventing loading of unsigned/improperly signed DLLs without a UAC prompt.
That's the "UAP" model and its successor, which provide mobile-like actual app isolation. Otherwise you (or rather, processes running as your user account or above) can generally just inject at runtime any DLL into any process.
> So why are AMD, Intel, and Nvidia shipping improperly designed DLLs as part of their drivers? That's a larger red flag than anything involving Firefox.
What do you mean by "improperly designed DLLs"? The presence of these is totally normal because most of the graphics drivers are implemented in user-mode and loaded into whatever process uses Direct3D or another graphics API. If you block these, you won't be able to use 3D APIs.
Windows already blocks installation and execution of drivers that aren't signed by Microsoft under their WHQL[1] program. You can turn the blocking off, but that's a deliberate choice made as a sysadmin or power user.
Drivers from Intel/Nvidia/AMD are signed by Microsoft, WHQL certified, and are not part of Windows, so as far as Mozilla is concerned they are third-party drivers.
> So why are AMD, Intel, and Nvidia shipping improperly designed DLLs as part of their drivers?
It's part of their "value add" I guess. Nvidia drivers will literally patch video games behind the scenes. It's so insane I can't believe it even works.
Games have a long history of being buggy messes and video card drivers have a long history of patching around those issues.
Even Windows does, Microsoft actively checked if SimCity 2000 was running because without special treatment it would crash on newer Windows Versions due to an allocator bug.
Windows shell extensions such as context menu handlers. Along with my GPU driver I have injections from LibreOffice, 7-Zip, and Notepad++ to name a few.
You'd think they'd only need to hook into Explorer.exe but alas no, they show up in every process. I guess because of the file picker dialog which is an embedded Explorer window running in the host process.
And perhaps a reason why Mozilla wants to hurry and get off of Windows 7.
