FireFox-ESR and 16.04

Bill_MI 2017-04-22 01:51:43 UTC #21

Default profile or default browser? I have 2 profiles and it got both of them ok. However, I got the Not-Default-Browser message so registered it.

How are you starting it? For 16.04 I changed the /usr/bin/firefox link to /opt/firefox/firefox (originally it points to some script).

I saw a lot of solutions including the home directory but that was the first one I soundly rejected.

EDIT: Per your edit, yep, that'll run as root. The method I used works on every method of starting firefox I can find, including opening .url files.

monsta 2017-04-22 09:07:18 UTC #22

So there is an unofficial PPA with FF-ESR 52 for 14.04 and 16.04:
https://launchpad.net/~jonathonf/+archive/ubuntu/firefox-esr

I can't recommend it as I didn't try it yet myself, but maybe someone else already tried it?

boncha 2017-04-22 10:01:06 UTC #23

If you want to use Firefox ESR, use the Tor Browser Bundle and deactivate the tor-network.
Basicly just go to settings and deselect the proxy to "use system setting" instead
and go to "about:config" and set "socks*dns" to false

After that it's a more secure Firefox ESR and if you use a VPN you basicly have a fast and anonym Tor Browser.
You can also run multiple Tor Browser instances simultaneous to Firefox

Another benefit:
I had a motherboard crash on my pc. So I needed to rescure my data from my SSD.
For the Tor Browser all i needed to do was copy the folder.
I can start the Browser under ALL Linux distros and have all my bookmarks and settings.
No need for setting it up again

mrtribute 2017-04-22 14:11:44 UTC #24

/opt/firefox/firefox is what I used, but this is just the path to the extracted file. I can run it from there as a normal user and then it picks up my profile. So the problem was I was running as root before.

maximuscore 2017-04-22 14:15:54 UTC #25

Btw. don't run a browser as root - a successful attacker will have full system access that way without needing an additional privilege escalation exploit.

Bill_MI 2017-04-22 14:31:57 UTC #26

Hi @maximuscore, not running as root almost goes without saying. However, I'm reading this can be used for the built-in update engine just on those occasions. I've been wrestling with this concept, to say the least.

So.... running as root only to update Firefox... anyone know of issues other than the short window of time? I imagine we'll also have a /root/.mozilla directory that should be set secure as Firefox is NO WAY secure by default.

maximuscore 2017-04-22 14:35:43 UTC #27

Yes, the updater of course will require running as root.
I'd lock down the root user's FF profile as much as you can, though.

Bill_MI 2017-04-22 14:47:18 UTC #28

Agreed. But I stopped maintaining the constantly-changing huge list of settings in favor of someone else doing that with extensions like Privacy Settings where I compared lists and found I was behind.

In the meantime, we have some excellent ideas from @monsta and @boncha I want to take a good look at. Thanks!

mrtribute 2017-04-22 23:07:11 UTC #29

I was just a test. I'm using the browser, but not as root.

Herve5 2017-04-24 07:51:15 UTC #30

I am considering installing a per-app-triggered filter, something that I found very efficient on macOSX in the past.
On OSX the name was "little snitch", on Ubuntu I see there are a couple of wannabees, like the one called Douane. ("Douane" meaning "Customs" in french)

The idea is that each time an app asks for a new connection to somewhere a dialog appears and then one either allows everything, or just that address, forever, or just for now...
After some ten minutes setting things up it flies silently (in my former OSX experience), and still would trigger a warning if, say, the updater would phone an unexpected place.

Anyone with a Mate experience with Douane or the like here?
I am strongly interested in advice
Thank you!

monsta 2017-11-15 13:35:45 UTC #31

Looks like there's a problem with switching to ESR from FF 55 or newer: