manually installing latest version Firefox -- how secure?


Post by bd10 » 2020-04-08 09:36

Hi all,

I have a question regarding security when manually installing the latest version of Firefox as opposed to the ESR which is already on Debian 10.

If I install it in ~/bin/firefox and change the ownership of the folder to root
Code:
chown -R root:root ~/bin/firefox

(as suggested on https://wiki.learnlinux.tv/index.php/Installing_non-ESR_Firefox_in_Debian_10.)

Is this good practice or sufficient? How secure/vulnerable is such an installation?

Thanks
bd10

Re: manually installing latest version Firefox -- how secure

Post by Head_on_a_Stick » 2020-04-08 13:35

Changing the ownership to root will stop it from updating itself (unless you run it as root, which is a bad idea). Outdated browser versions are a security risk.

I would just leave it in $HOME, like this:
Code:
tar xf firefox-75.0.tar.bz2 -C ~
ln -s ~/firefox/firefox ~/bin/firefox-custom

And use this line in ~/.local/share/applications/firefox-custom.desktop:
Code:
Exec=firefox-custom %u

But the Mozilla build includes stuff that the Debian developers disable for their versions, such as user studies (embedded spyware), and sound won't work without PulseAudio or apulse.
Head_on_a_Stick
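
An added example, not part of the thread: a shell function that reports which of the ownership states discussed above an unpacked Firefox tree is in. The function name audit_install and its output labels are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread). audit_install DIR [UID] prints one of:
#   missing        DIR does not exist
#   world-writable some entry can be modified by every local account
#   foreign-owned  some entry is not owned by UID, as in the
#                  "chown -R root:root" case, where an updater running
#                  as UID cannot replace the files
#   user-owned     every entry is owned by UID, so the built-in updater
#                  can replace files when the browser runs as that user
audit_install() {
    dir=$1
    uid=${2:-$(id -u)}      # default: the user running the check

    if [ ! -d "$dir" ]; then
        echo "missing"
        return 2
    fi

    # Symlinks always show mode 0777, so leave them out of the mode test.
    if [ -n "$(find "$dir" ! -type l -perm -0002 -print | head -n 1)" ]; then
        echo "world-writable"
        return 1
    fi

    # find accepts a numeric user ID for -user.
    if [ -n "$(find "$dir" ! -user "$uid" -print | head -n 1)" ]; then
        echo "foreign-owned"
        return 0
    fi

    echo "user-owned"
}
```

Source the file and call audit_install with the directory the tarball was unpacked into, for example audit_install ~/firefox.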

Re: manually installing latest version Firefox -- how secure

Post by cooleo » 2020-04-09 02:16

bd10 wrote:
Hi all,

I have a question regarding security when manually installing the latest version of Firefox as opposed to the ESR which is already on Debian 10.

If I install it in ~/bin/firefox and change the ownership of the folder to root
Code:
chown -R root:root ~/bin/firefox

(as suggested on https://wiki.learnlinux.tv/index.php/Installing_non-ESR_Firefox_in_Debian_10.)

Is this good practice or sufficient? How secure/vulnerable is such an installation?

Thanks



Educate me,
why is it "more secure" to "lock-up" web browser bin by changing its owner to root?
So hacker won't be able to "play" with it? So it will not automatically update itself?
cooleo