
It's very important that users be able to disable ALL of this functionality with a simple compiler flag. Not just disabling it in the process.

We've seen the failure of "sandboxing" over and over again, and especially with a closed-source, certain-to-be-compromised payload, it's guaranteed that at some point it will be breached.



Did you read the blog post? You have to actively consent to installing that plugin to use it. Without the plugin, the sandbox is code without attack surface.


It's unclear to me from the post that the sandbox code will be unbundled from Firefox. Furthermore, it should be possible to distribute a compiled version of Firefox that doesn't have the ability to install the module in the first place, with a minimum of effort.

If you don't enable it by default, but the first time a user visits any website with a video ad they get a clickthrough that downloads and installs it, a huge portion of the user base will end up with it installed. This is less than desirable if you care about security.

I'm sure security- or ideological-focused distros will do a version of this anyway, but it should be supported upstream to segment the code as much as possible so as few vulnerabilities leak into the "main" codebase as possible.


I don't understand your argument. If you are installing Firefox for yourself, you don't need a version with the support compiled out; just don't install the plugin.

If you are installing Firefox as a sysadmin for someone else, you don't need a version with the support compiled out; don't give the users rights to install plugins.

What use case has less security just from the sandbox being enabled?



