Author here: I think another takeaway from this story (besides the importance of supply chain security management) is how crucial a defensive computer security architecture is. In a nuclear facility, the only things that could have prevented these attacks are network segregation, password policies and similar measures.
By the way, IAEA has great guidance [1] on how to manage computer security in nuclear facilities. If you are interested, I encourage you to read it (or ask me about it).
Actually you can fit your needs with OpenStreetMap. People regularly upload public GPS traces that you can view - thus, get a rough idea of how popular a path is. But OSM also shows all the paths, so you can avoid beaten paths as well.
No, Firefox doesn't technically run anything on your machine. It is only that some scripts can write shell code into the "middle click buffer" which the user can unintentionally execute later.
[1] https://www-ns.iaea.org/downloads/security/security-series-d...