Stop making available Flatpak version of Firefox for security reason
Categories: Release Engineering :: Release Automation, defect
Tracking: Not tracked
People: Reporter: anti-stress, Unassigned
References: Blocks 1 open bug
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
Steps to reproduce:
Flatpak blocks apps from using User Namespaces (see https://bugzilla.mozilla.org/show_bug.cgi?id=1278719#c42 for instance)
Actual results:
Therefore it seems that the Flatpak version of Firefox is not as secure as other packages.
Expected results:
Since users expect (at least) the same level of functionalities across all different packages, the Flatpak version should not be proposed to users, or they will be misled.
Comment 1 • 6 months ago (Reporter)
From this article https://lwn.net/Articles/1020571/
One thing that has been a bit of a pain point, Wick said, is that nested sandboxing does not work in Flatpak. For instance, an application cannot use Bubblewrap inside Flatpak. Many applications, such as web browsers, make heavy use of sandboxing.
They really like to put their tabs into their own sandboxes because it turns out that if one of those tabs is running some code that manages to exploit and break out of the process there, at least it's contained and doesn't spread to the rest of the browser.
What Flatpak does instead, currently, is to have a kind of side sandbox that applications can call to and spawn another Flatpak instance that can be restricted even further. "So, in that sense, that is a solution to the problem, but it is also kind of fragile." There have been issues with this approach for quite a while, he said, but no one knows quite how to solve them.
On OSnews, a comment says:
Flatpak sandboxing very badly breaks browser internal sandboxing, to a point that I don’t think an up to date Firefox or Chromium based browser running in Flatpak can be called adequately secure. Zypak helps with Chromium based browsers to a point, but the real issue is that breaking namespaces gets rid of a lot of horizontal sandboxing between tabs. What’s more, it looks like this could all be avoided by providing a way to bypass Flatpak sandboxing, as is possible in Snaps… Or by using a normal MAC framework for the external sandbox, again as in Snaps. But those are not things that will happen if Flatpak is in maintenance mode.
Thanks
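A diagnostic for the restriction discussed in the bug description and in comment 1, added here as an example; it is not part of the bug report and is not Firefox or Flatpak code. It tries to create a user namespace in a throwaway child process and reports whether the attempt was refused. It assumes Flatpak's `/.flatpak-info` marker file identifies the sandbox; the function names and verdict strings are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flatpak places a metadata file at the root of each sandbox (assumed marker). */
static int in_flatpak(const char *info_path) {
    return access(info_path, F_OK) == 0;
}

/* Attempt unshare(CLONE_NEWUSER) in a child so the caller keeps its namespaces.
 * Returns 0 if a user namespace could be created, the errno from unshare()
 * if it was refused, or -1 if the probe itself failed (fork error, child killed). */
static int probe_userns(void) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(unshare(CLONE_NEWUSER) == 0 ? 0 : (errno & 0xff));
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;               /* e.g. child terminated by a seccomp signal */
    return WEXITSTATUS(status);
}

/* Combine both observations into a short verdict string. */
static const char *verdict(int flatpak, int err) {
    if (err == 0) return "user namespaces available";
    if (err < 0)  return "probe failed";
    if (flatpak)  return "blocked inside Flatpak sandbox";
    return "blocked outside Flatpak (host or container policy)";
}

int main(void) {
    int flatpak = in_flatpak("/.flatpak-info");
    int err = probe_userns();
    printf("flatpak=%d unshare(CLONE_NEWUSER): %s -> %s\n", flatpak,
           err > 0 ? strerror(err) : (err == 0 ? "ok" : "n/a"),
           verdict(flatpak, err));
    return err == 0 ? 0 : 1;
}
```

Running the same binary on the host and inside the Flatpak sandbox shows whether the refusal comes from the sandbox or from the host's own configuration.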
Comment 2 • 6 months ago
(hello)
also, see:
https://bugzilla.mozilla.org/show_bug.cgi?id=1756236