Browsers/WWW: Firejail, Firefox, and Mozilla

posted by Roy Schestowitz on Jan 19, 2023

• Using Firejail to reduce the risk of running web browsers

  Today I wanted to share a simpler approach to all of this, which is running your web browser, typically Firefox, under a very restricted environment using Firejail. Firejail is an open source project, probably available from your package manager, that uses Linux namespaces, seccomp-bpf and capabilities to restrict what your web browser can do and access. Notably, it ships profiles for multiple applications either based on blocklists or, in the case of Firefox (the main use case), allowlists. When you run Firefox through Firejail, for example by running firejail firefox, the resulting Firefox process will be restricted in several ways and will not be able to access most of your home directory, except for the ~/Downloads directory and its own configuration and data directories. If, on top of that, it’s running under Wayland, it will not be able to spy on your screen and other windows unless there’s a second vulnerability available in the Wayland compositor.

• Real talk: Did your 5-year-old just tease you about having too many open tabs?

  No one ever wanted to say “tech-savvy toddler” but here we are. It’s not like you just walked into the kitchen one morning and your kid was sucking on a binky and editing Wikipedia, right? Wait, really? It was pretty close to that? Well, for years there’s been an ongoing conversation on internet usage in families’ lives, and in 2020, the pandemic made us come face-to-face with that elephant in the room, the internet. There was no way around it. We went online for everything from virtual classrooms for kids, playing video games with friends, conducting video meetings with co-workers, and of course, streaming movies and TV shows. The internet’s role in our lives became a more permanent fixture in our family. It’s about time we gave it a rethink.

• Why You Should Pay Attention to WebAssembly [Ed: RedMonk says pay us money and we'll say good things about you]

  There may come a day when the humble web browser – having already yielded enterprise grade server side technologies like Firecracker, Isolates and Node.js – has nothing of interest left for the industry to extract. But that day has certainly not arrived yet, as the increasing chatter around WebAssembly (WASM) proves.

  The fact that people are talking about WASM is not new. Nor is the fact that it has people excited. WASM has been a topic of discussion for years as the industry pondered a larger role for a technology originally designed to run binary code within the context of the browser.

  What has changed, however, is the volume of conversation about WASM. As WASM has taken the initial steps towards a potential role as a critical piece of enterprise infrastructure, discussion of the technology has spiked both in the community at large and within the conversations RedMonk has with its participants.

• Will Kahn-Greene: Socorro: Schema based overhaul of crash ingestion: retrospective (2022) [Ed: Mozilla outsourced Firefox crash reporting to Microsoft proprietary software governed by NSA people]

  I've been working on Socorro (crash ingestion pipeline at Mozilla) since the beginning of 2016. During that time, I've focused on streamlining maintainence of the project, paying down technical debt, reducing risk, and improving crash analysis tooling.

  One of the things I identified early on is how the crash ingestion pipeline was chaotic, difficult to reason about, and difficult to document. What did the incoming data look like? What did the processed data look like? Was it valid? Which fields were protected? Which fields were public? How do we add support for a new crash annotation? This was problematic for our ops staff, engineering staff, and all the people who used Socorro. It was something in the back of my mind for a while, but I didn't have any good thoughts.

• Firefox finally declutters the toolbar with the Unified Extensions button | ZDNET

  Sometimes, developers add features to an application not necessarily to improve performance but rather to remove clutter. By doing so, they improve the user experience and make the tool more pleasant to work with.

  One thing that has always bugged me about some browsers is how extensions are accessed and displayed on the toolbar. Pin too many extensions to the interface and it can get very cluttered.

  Pin too few extensions to the toolbar and you might find them a challenge to access.