Difference between revisions of "Firefox"
(→See also: Entering the Quantum Era - ow Firefox got fast again and where it’s going to get faster) |
m |
||
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
<onlyinclude>[[w:Mozilla Firefox|Mozilla Firefox]] is a graphical web browser developed by the [[w:Mozilla Corporation|Mozilla Corporation]], and a large community of external contributors. Firefox, officially abbreviated as '''Fx''' or '''fx''' and popularly abbreviated '''FF''', started as a [[W:fork (software development)|fork]] of the [[w:Netscape Navigator|Navigator]] browser component of the [[w:Mozilla Application Suite|Mozilla Application Suite]]. Firefox has replaced the Mozilla Suite as the flagship product of the Mozilla project, under the direction of the [[w:Mozilla Foundation|Mozilla Foundation]]. | <onlyinclude>[[w:Mozilla Firefox|Mozilla Firefox]] is a graphical web browser developed by the [[w:Mozilla Corporation|Mozilla Corporation]], and a large community of external contributors. Firefox, officially abbreviated as '''Fx''' or '''fx''' and popularly abbreviated '''FF''', started as a [[W:fork (software development)|fork]] of the [[w:Netscape Navigator|Navigator]] browser component of the [[w:Mozilla Application Suite|Mozilla Application Suite]]. Firefox has replaced the Mozilla Suite as the flagship product of the Mozilla project, under the direction of the [[w:Mozilla Foundation|Mozilla Foundation]]. | ||
− | + | Firefox is our choice of web-browser here at Organic Design, and this article lists the extensions and configurations we like to include with it. Note that browsers are inherently risky by the fact that any site you may visit can contain malicious code, and you are also trusting all your installed extensions. For this reason it's a very good idea to install [https://github.com/netblue30/firejail FireJail] which gives you super easy sandboxing capability. See [[Firefox#Firejail|below]] for more detail.'' | |
− | + | </onlyinclude> | |
− | Firefox is our choice of web-browser here at Organic Design, and this article lists the extensions and configurations we like to include with it.</onlyinclude> | ||
== Addons == | == Addons == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
*[https://www.eff.org/privacybadger Privacy Badger] ''- EFF's blocker extension'' | *[https://www.eff.org/privacybadger Privacy Badger] ''- EFF's blocker extension'' | ||
− | |||
− | |||
− | == | + | == Secure browsing == |
− | + | It's becoming more and more important to ensure that you make your browsing data available to those providing your connection. This is not only important for when you're browsing through public Wifi connections or at hotels etc, but you can't trust any of the ISPs with your data nowadays either. There are plenty of freely available VPN options such as [https://www.expressvpn.com/ Express VPN] and [https://hide.me/en/ Hide.Me], but another simple way if you work with remote servers and regularly use [[SSH|Secure Shell]] is to use one of your servers as a local proxy server to browse through. | |
+ | |||
+ | For example connecting to your remote server using Secure Shell with the following command. This means that all that can be seen by your connectivity provider is a secure shell tunnel. Here, PORT is the local port number you'd like to open to browse through, and USER@HOST is your remote server details. | ||
+ | <source lang="bash"> | ||
+ | ssh -fnNTCD PORT USER@HOST | ||
+ | </source> | ||
+ | This will open a local connection on PORT that you then configure your browser to use for it's network connection using the SOCKS5 proxy protocol. See the [[SSH]] article for more details on what the options means and some additional server options you may like to use. You can see if it's working by going to [https://whatsmyip.com/ WhatsMyIP.com] or similar, and you should see that the IP address that it thinks you're at is your server's IP, and the geographic location you're apparently browsing from is the location of your server's data centre. | ||
+ | |||
+ | == Firejail == | ||
+ | Browsing the web is getting more and more dangerous as hacks get more sophisticated, browsers get more complicated and our personal information gets more important and valuable. We prefer to run our browsers in a "sandbox" which means that only a small part of the system is visible to them. It's very similar to running the browser in a virtual box where they're the only application installed. We use [https://github.com/netblue30/firejail FireJail] which is based on [https://lwn.net/Articles/531114/ Linux namespaces]. FireJail comes with hundreds of presets for known applications, so launching a well-known application like Firefox inside FireJail is simply a matter of preceding the application name with ''firejail'', e.g. | ||
+ | <source lang="bash"> | ||
+ | firejail firefox | ||
+ | </source> | ||
− | + | Of course, we don't want to type that every time we want to launch a browser though, so you need to locate your launchers and precede the command in the ''Exec'' field with ''firejail''. To find your launchers, search for all files with "firefox" in their name and having the "desktop" extension: | |
− | + | <source lang="bash"> | |
+ | find / -name "*firefox*.desktop" | ||
+ | </source> | ||
− | + | You'll be able to to see that the browser now has limited access to the system, if you opening a file and navigating around the directory tree, you should see that most directories are empty and your home directory contains only ''Downloads'' and ''Desktop''. Also you can check what applications are being run within Firejail at any time, use '''firejail --list''' or '''firejail --tree'''. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Finally, you may want to whitelist some specific file locations if you're used to opening or saving local files from locations other than the desktop or the ''Downloads'' folders. For example, I like my browser to have full access to my ''Pictures'' folder. To do this add the '''--whitelist''' option to your ''firejail'' command before the name of the program you wish to launch. | |
− | + | <source> | |
+ | firejail --whitelist=~/Pictures firefox | ||
+ | </source> | ||
== See also == | == See also == | ||
Line 43: | Line 38: | ||
*[http://seclists.org/dailydave/2016/q3/51 Details on cert pinning flaw] | *[http://seclists.org/dailydave/2016/q3/51 Details on cert pinning flaw] | ||
*[https://hacks.mozilla.org/2017/11/entering-the-quantum-era-how-firefox-got-fast-again-and-where-its-going-to-get-faster/ Entering the Quantum Era - How Firefox got fast again and where it’s going to get faster] | *[https://hacks.mozilla.org/2017/11/entering-the-quantum-era-how-firefox-got-fast-again-and-where-its-going-to-get-faster/ Entering the Quantum Era - How Firefox got fast again and where it’s going to get faster] | ||
+ | *[https://support.mozilla.org/en-US/questions/1019155 Recovering saved logins] | ||
+ | *[https://hacks.mozilla.org/2019/05/technical-details-on-the-recent-firefox-add-on-outage/ What happened in the "addon outage"?] | ||
[[Category:Libre software]] | [[Category:Libre software]] |
Latest revision as of 11:49, 4 October 2019
Mozilla Firefox is a graphical web browser developed by the Mozilla Corporation, and a large community of external contributors. Firefox, officially abbreviated as Fx or fx and popularly abbreviated FF, started as a fork of the Navigator browser component of the Mozilla Application Suite. Firefox has replaced the Mozilla Suite as the flagship product of the Mozilla project, under the direction of the Mozilla Foundation.
Firefox is our choice of web-browser here at Organic Design, and this article lists the extensions and configurations we like to include with it. Note that browsers are inherently risky by the fact that any site you may visit can contain malicious code, and you are also trusting all your installed extensions. For this reason it's a very good idea to install FireJail which gives you super easy sandboxing capability. See below for more detail.
Contents
Addons
- Privacy Badger - EFF's blocker extension
Secure browsing
It's becoming more and more important to ensure that you make your browsing data available to those providing your connection. This is not only important for when you're browsing through public Wifi connections or at hotels etc, but you can't trust any of the ISPs with your data nowadays either. There are plenty of freely available VPN options such as Express VPN and Hide.Me, but another simple way if you work with remote servers and regularly use Secure Shell is to use one of your servers as a local proxy server to browse through.
For example connecting to your remote server using Secure Shell with the following command. This means that all that can be seen by your connectivity provider is a secure shell tunnel. Here, PORT is the local port number you'd like to open to browse through, and USER@HOST is your remote server details.
ssh -fnNTCD PORT USER@HOST
This will open a local connection on PORT that you then configure your browser to use for it's network connection using the SOCKS5 proxy protocol. See the SSH article for more details on what the options means and some additional server options you may like to use. You can see if it's working by going to WhatsMyIP.com or similar, and you should see that the IP address that it thinks you're at is your server's IP, and the geographic location you're apparently browsing from is the location of your server's data centre.
Firejail
Browsing the web is getting more and more dangerous as hacks get more sophisticated, browsers get more complicated and our personal information gets more important and valuable. We prefer to run our browsers in a "sandbox" which means that only a small part of the system is visible to them. It's very similar to running the browser in a virtual box where they're the only application installed. We use FireJail which is based on Linux namespaces. FireJail comes with hundreds of presets for known applications, so launching a well-known application like Firefox inside FireJail is simply a matter of preceding the application name with firejail, e.g.
firejail firefox
Of course, we don't want to type that every time we want to launch a browser though, so you need to locate your launchers and precede the command in the Exec field with firejail. To find your launchers, search for all files with "firefox" in their name and having the "desktop" extension:
find / -name "*firefox*.desktop"
You'll be able to to see that the browser now has limited access to the system, if you opening a file and navigating around the directory tree, you should see that most directories are empty and your home directory contains only Downloads and Desktop. Also you can check what applications are being run within Firejail at any time, use firejail --list or firejail --tree.
Finally, you may want to whitelist some specific file locations if you're used to opening or saving local files from locations other than the desktop or the Downloads folders. For example, I like my browser to have full access to my Pictures folder. To do this add the --whitelist option to your firejail command before the name of the program you wish to launch.
firejail --whitelist=~/Pictures firefox
See also
- What the future could hold for Firefox OS - competing with iOS and Android on their own turf isn't going to work
- Details on cert pinning flaw
- Entering the Quantum Era - How Firefox got fast again and where it’s going to get faster
- Recovering saved logins
- What happened in the "addon outage"?