Firefox

From Organic Design wiki
Revision as of 21:11, 3 October 2019 by Nad (talk | contribs) (rm old sections)

Mozilla Firefox is a graphical web browser developed by the Mozilla Corporation, and a large community of external contributors. Firefox, officially abbreviated as Fx or fx and popularly abbreviated FF, started as a fork of the Navigator browser component of the Mozilla Application Suite. Firefox has replaced the Mozilla Suite as the flagship product of the Mozilla project, under the direction of the Mozilla Foundation.

Mozilla's conditions for use of their trademarked names require that distro's using their products clear any patches with them first, but in Debians view this compromised their own strict security measures so rather than this they opted to change the branding of the products. Debian's fork of Firefox is Iceweasel.

Firefox is our choice of web-browser here at Organic Design, and this article lists the extensions and configurations we like to include with it.

Note however, that browsers are inherently risky by the fact that any site you may visit can contain malicious code, and you are also trusting all your installed extensions. For this reason it's a very good idea to install FireJail which gives you super easy sandboxing capability. See below for more detail.


Addons

Secure browsing

It's becoming more and more important to ensure that you make your browsing data available to those providing your connection. This is not only important for when you're browsing through public Wifi connections or at hotels etc, but you can't trust any of the ISPs with your data nowadays either. There are plenty of freely available VPN options such as Express VPN and Hide.Me, but another simple way if you work with remote servers and regularly use Secure Shell is to use one of your servers as a local proxy server to browse through.

For example connecting to your remote server using Secure Shell with the following command. This means that all that can be seen by your connectivity provider is a secure shell tunnel. Here, PORT is the local port number you'd like to open to browse through, and USER@HOST is your remote server details.

ssh -fnNTCD PORT USER@HOST

This will open a local connection on PORT that you then configure your browser to use for it's network connection using the SOCKS5 proxy protocol. See the SSH article for more details on what the options means and some additional server options you may like to use. You can see if it's working by going to WhatsMyIP.com or similar, and you should see that the IP address that it thinks you're at is your server's IP, and the geographic location you're apparently browsing from is the location of your server's data centre.

Firejail

Browsing the web is getting more and more dangerous as hacks get more sophisticated, browsers get more complicated and our personal information gets more important and valuable. We prefer to run our browsers in a "sandbox" which means that only a small part of the system is visible to them. It's very similar to running the browser in a virtual box where they're the only application installed. We use FireJail which is based on Linux namespaces. FireJail comes with hundreds of presets for known applications, so launching a well-known application like Firefox inside FireJail is simply a matter of preceding the application name with firejail, e.g.

firejail firefox

Of course, we don't want to type that every time we want to launch a browser though, so you need to locate your launchers and precede the command in the Exec field with firejail. To find your launchers, search for all files with "firefox" in their name and having the "desktop" extension:

find / -name "*firefox*.desktop"

You'll be able to to see that the browser now has limited access to the system, if you opening a file and navigating around the directory tree, you should see that most directories are empty and your home directory contains only Downloads and Desktop. Also you can check what applications are being run within Firejail at any time:

firejail --list or firejail --tree

Finally, you may want to whitelist some specific file locations if you're used to opening or saving local files from locations other than the desktp or the Downloads folder. For example, I like my browser to have full access to my Pictures folder. To do this add the following option to you firejail command before the name of the program you wish to launch.

firejail --whitelist=~/Pictures firefox

See also