Yes, your example is such a use case, which I already mentioned before. Simply don't input anything sensitive (you *can* input sudo password though) when you have an untrusted firefox running (i.e. if you've visited shady sites in that session).

And btw, this should apply regardless of X being secure or not. The point is that exploits exist, even for Wayland, so it's only sane to do this no matter what.

If you really ought to input something sensitive, then kill all firefox user apps (sudo pkill -9 --uid firefoxUser) before commencing. No, it's not inconvenient, you can just make a script and add sudoers rule so that it can happen with 1 click (no need to even input password).

And when X received support 25 years ago, it already existed longer than Wayland, so it's only normal that Wayland is playing catch-up.

This is insanity. Virtually every single gui application today is so complex that you cannot trust it. Are you going to kill every single gui application then you do anything sensitive on your machine every time? Heck, you actually need to kill any application running by your untrusted users because X only allows to discriminate on a per user basis.

No you only need to do that with applications that you allow to be online. You should not let them access the internet by default, in my opinion.

Of course, I'm not saying that Wayland has worse security than X or the same. But people speak as if X is so insecure that as soon as you plug the internet your PC is compromised. And Wayland tries way too hard to secure itself at the expense of important features, which I can't get behind.

If you run all apps you trust without internet access then just add a rule to e.g. iptables -A OUTPUT -m owner --uid-owner username -j DROP

1. Which features are you missing? The shitty X11 remote access with horrible latency? The other two thinks I can think of are a screen recorder (which we are getting as part of the compositer there it should go and not as a god like application which can just do what ever it wants) and global hotkeys. All of which people are working on and are trying to standardize and get actually better solutions then we had in the past. And while I like that, I can count the occurrences I used this features on one hand. Am I missing something here?
2. You need to do that with any app which gets untrusted input. So not only internet access but also filesystem access to untrusted files which means its all apps by default.
And I repeat again, this is insane, noone on this planet does that.

LOL
I'm just really glad that you're on your own with this mindset, or the year of the Linux desktop would never come in a million years.

Snippet from that opinon

"Set of problems I just don't have" - Just because you don't have them, doesn't mean they don't exist. If they're so happy with X, just use X, you have to go out of your way to use Wayland currently, so I don't see the problem.

"I've never seen tearing" - Works on my machine, therefore it doesn't exist. Flawless argument, absolutely watertight. They've got me there.

"I use X's network transparency daily" - most current implementations of X are not network transparent. So if you're using VNC or anything like that, you're not using network transparency. You're using the same type of thing being implemented in Wayland i.e. a compressed image being sent over the network. If you are using some arcane network transparency feature from X when it was actually network transparent, then I don't think it's fair to say you're a good representation of the average Linux desktop user.

which programs need to be converted to make them compliant with wayland? As example Krita, gimp, kolourpaint the browasers as chromium or firefox or falkon....

There is a difference between exploits and "no enforcement whatsoever" X11 does not even enforce limits, any application can just snoop every other.

Also the "I run only stuff I trust" model was right maybe when the computers were running DOS and other simple stuff, in the modern world it's simply flawed and opens the door to malware.

I'm here wondering why you think only Wayland exploits matter, while there cannot be exploits in the rest of the system that make futile all the circus you're doing here.

I mean, the linux kernel does offer namespaces, cgoups and other security features that go above and beyond the basic "user separation" for a reason.