manually installing latest version Firefox -- how secure?

[bd10]

Hi all,

I have a question regarding security when manually installing the latest version of Firefox as opposed to the ESR which is already on Debia 10.

If I install it in ~/bin/firefox and change the ownership of the folder to root

Code: Select all

chown -R root:root ~/bin/firefox

(as suggested on https://wiki.learnlinux.tv/index.php/In ... _Debian_10.)

Is this good practice or sufficient? How secure/vulnerable is such an installation?

Thanks

[Head_on_a_Stick]

Changing the ownership to root will stop it from updating itself (unless you run it as root, which is a bad idea). Outdated browser versions are a security risk.

I would just leave it in $HOME, like this:

Code: Select all

tar xf firefox-75.0.tar.bz2 -C ~
ln -s ~/firefox/firefox ~/bin/firefox-custom

And use this line in ~/.local/share/applications/firefox-custom.desktop:

Code: Select all

Exec=firefox-custom %u

But the Mozilla build includes stuff that the Debian developers disable for their versions, such as user studies (embedded spyware), and sound won't work without PulseAudio or apulse.

[cooleo]

Hi all,

I have a question regarding security when manually installing the latest version of Firefox as opposed to the ESR which is already on Debia 10.

If I install it in ~/bin/firefox and change the ownership of the folder to root

Code: Select all

chown -R root:root ~/bin/firefox

(as suggested on https://wiki.learnlinux.tv/index.php/In ... _Debian_10.)

Is this good practice or sufficient? How secure/vulnerable is such an installation?

Thanks

Educate me,
why is it "more secure" to "lock-up" web browser bin by changing its owner to root?
so hacker wont be able to "play" with it? so it will not automaticlly update itself?