Firefox and Zen Browsers have been jailed!

Contributions DeLinuxCo Spins
1

firefox-jailed
firefox-jailed2001×2066 82.6 KB

As part of the ongoing “continuous improvement initiative”, we, “as in me, myself and I” are happy to announce Firefox and Zen-Browser as an AppImage format and both with the ability to run in a jailed (sandboxed) session. The packages, firefox-appimage and zen-browser-appimage now have firejail as a dependency which will allow the browsers to run in a sandbox.

Once either browser is installed, to run the app in a sandbox, “Right click” on the launcher icon and select Run <browser> Jailed

Of course, the AppImage itself is a kind of sandbox, but this can add a much stronger security envelope.

Note: In the next ISO, the Firefox-Appimage will be the default browser.

–Cheers

image
image576×416 72.2 KB

image
image576×416 69 KB

3 Likes
2

I’ve been starting Firefox from firejail for years.
It’s a launcher with a custom Firefox icon that’s on the panel.
But if you already have firejail installed, try:
sudo firecfg
You’ll get a long list of your installed applications, processes that when you start or run, run from a sandbox.
Exit:
sudo firecfg --clean

1 Like
3

@growler Yes, you can install firetools which will also give you a GUI. But after testing the various tools, the GUI works just fine but it is lacking on looks! :scream:

You can also just install firejail and from a command line, run an app in a sandbox, for example firefox just run this command from the terminal: firejail firefox

even if you have an appimage, somewhere on your computer you can run: firejail --appimage <path to your appimage>

But I want to run firejail with an AppImage, and I want minimal intrusion to the user in operation.

This is why I have been replacing many of the applications with AppImages because they can be easily packaged into an Arch Linux archive (.zst) and delivered through a repo. Most of the time, the user does not even know it is an AppImage.

Also, I found that firefjail itself has a very low foot print, but when running an app in a sandbox, memory usages goes up quite a bit of that app. So for those that don’t care about memory usage, they can still run the app in a jail but for those that do care, they can run the app normally.

One interesting note, running firefox in an appimage without sandboxing, it actually used almost 200MB less memory than the regular binary. the drawback of course, the packages are larger and depending on the app, can take a slight longer to start.

3 Likes