> Will Firefox now become a new attack vector for exploits?
That's a really good question.
From what I understood from the planning wiki, the MozillaMaintennce Service will only install binaries digitally signed with Mozilla's private key. You can't install arbitrary EXEs with this, so I'd say the risk of becoming a vector is small.
Of course, the service can perform privileged actions *and* be invoked by a non-privileged user, so a buffer-overflow type bug in the service could well be exploitable, so I'm hoping Mozilla have audited this thoroughly.