> Yes, but anything that has access to replace or modify the component could
> presumably also modify the component registry to match. Or, as Mitch
> suggested, could replace the code that does component verification with a
> work-alike that ignores differences.
Yes, I understand this,
although I had been thinking that it might be possible to put all of the
Mozilla code and read-only data files in a single secured jar file.
This might leave just a stub application launcher, and some system
encrypted component and package registries.
While not preventing a determined hacker, it might prevent/discourage
hacking by 95% of average users.