Firefox 94 Stopped Cooperating with Firejail
Categories
(Toolkit :: Application Update, defect)
Tracking
()
People
(Reporter: mozilla, Unassigned)
References
Details
(Whiteboard: [Fixed by Firejail 0.9.64?])
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0
Steps to reproduce:
Since I know that Firefox places priority on security, I wanted to relay this issue that started in Firefox 94, where Firefox is no longer allowing firejail to dispatch URLs to an already running Firefox instance. Firejail hasn't changed recently, and this issue began immediately after upgrading from 93 to Firefox 94.
Here are two links that provide further details:
As you all surely know, the web browser is most people's largest attack surface. It communicates with computers all over the world and this communication passes through countless intermediary nodes. So, it is a very sensible precaution to go beyond Firefox's own security with tools like firejail.
Firejail allows you to sandbox your web browser, which at least adds one additional obstacle for wrongdoers.
Perhaps someone reading this will know of a change, introduced in the Firefox 94 release, that is blocking Firejail's ability to launch additional URLs into an already running Firefox instance.
I remain a loyal Firefox user, but until this issue is resolved, I'll be using a different browser that allows this additional security without hampering my workflow.
|
||
Comment 1•3 years ago
|
||
This isn't exactly a security issue with Firefox per se, so I'm going to unhide it so that more people can see it, to increase the chance that it is fixed.
I'm not sure exactly what might cause this issue. Maybe there was some change in how we sandbox things, or maybe there are additional restrictions that have been added to invoking Firefox on the command line. The most effective way to pin down what might be going wrong would be to use something like mozregression to figure out what change caused this, though it might be tricky in this case because of the special way that Firefox is being invoked.
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
May this be related to this change: https://hg.mozilla.org/mozilla-central/rev/ef22d8cbf4ef wherein Firefox now by default uses dbus instead of X11 to open new links in an existing window (if built with dbus enabled). Maybe the Firejail profile opens up for the old X11 way, but not for dbus communication?
|
|
||
Comment 3•3 years ago
|
||
FWIW, I can reproduce this problem with Firejail 0.9.62 (the version currently in Ubuntu Focal's repository), but not with Firejail 0.9.66, so there is a good chance that this upgrade has fixed the definitions to take care of this.
|
|
||
Comment 4•3 years ago
|
||
A brief scan of https://github.com/netblue30/firejail/releases suggests that version 0.9.64 may be the relevant release?
new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send
|
||
Comment 5•3 years ago
|
||
(In reply to Lonnie Lee Best from comment #0)
Here are two links that provide further details:
Both links suggest that upgrading Firejail to latest version fixes the issues with Firefox. Does that work for you? Thank you!
|
|
||
Comment 7•3 years ago
|
||
Thank you, I'm closing this issue as RWFM.
|
|
||
Updated•3 years ago
|
|
|
||
Comment 8•3 years ago
|
||
Thanks for confirming. Closing this out as invalid since it wasn't a bug in Firefox in the end. Thanks for reporting, though!
|
|
||
Updated•3 years ago
|
Description
•