Advice Request Is Firefox ESR secure enough ?

Please provide comments and solutions that are helpful to the author of this topic.
Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it
 
  • Like
Reactions: oldschool
ScandinavianFish said:
Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it
Click to expand...
Reaction GIF
 
  • HaHa
  • +Reputation
Reactions: JB007, Guilhermesene, Gangelo and 7 others
upnorth said:
Reaction GIF
Click to expand...
grapheneos.org

GrapheneOS usage guide

Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.
grapheneos.org grapheneos.org
"Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox runs as a single process on mobile and has no sandbox beyond the OS sandbox. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux, where it can hardly be considered a sandbox at all) and lacks support for isolating sites from each other rather than only containing content as a whole."
 
  • Like
  • +Reputation
  • Applause
Reactions: JB007, harlan4096, Trooper and 3 others
ScandinavianFish said:
Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it
Click to expand...
It had site isolation for a long time but wasn't enabled by default as it was in its experimental phase.
 
  • Like
Reactions: JB007, CyberTech and Trooper
ScandinavianFish said:
I understood, I answered, what more do you want?
Click to expand...
No, you sadly still don't get it.

If you can't interpret and grasp plain simple common English that member @JB007 very crystal clear wrote, I would recommend you avoid keep spreading not only misinformation, but also disinformation with pure irrelevant mobile OS links.
 
  • Like
Reactions: JB007, CyberTech, [correlate] and 3 others
upnorth said:
No, you sadly still don't get it.

If you can't interpret and grasp plain simple common English that member @JB007 very crystal clear wrote, I would recommend you avoid keep spreading not only misinformation, but also disinformation with pure irrelevant mobile OS links.
Click to expand...
Ah, so youre just an firefox fanboy, got it, so its not worth arguing with you
 
  • HaHa
  • Like
Reactions: Trooper and [correlate]
wat0114 said:
FWIW, and I'm in no way trying to stir the pot here, but my employer does not provide Firefox as a browser option on their COE devices because they feel it's a security risk to their corporate network. They offer Edge and Chrome only.
Click to expand...
Not far from true, many security experts find Chrome superior in terms of security, and yes they do not provide Firefox as an option whasoever.

Considering OP is using Firefox at work, the point remains on @ScandinavianFish side, only in terms of home usage that there is not much difference, it all depends on how you setup the browser.

In the end is not my concern, the opinion was given, whatever people do with it is their own problem, I do not recommend Firefox for business be it in terms of security or stability.
 
Last edited:
  • Like
Reactions: JB007, Kongo, CyberTech and 3 others
Local Host said:
You seem to misunderstand Tor purpose, is about being anonymous not secure, the node traffic is not even encrypted.
Click to expand...
You seem to misunderstand that there is no security without privacy and definitely no security without anonymity. Regarding node traffic not being encrypted...that's a HUGE stretch. Tor does not tamper with your traffic so it depends on what website you connect to. In this era where most websites are encrypted, so is all of your traffic. Again, I refuse to side with Chrome shills. There is ZERO security if you have no privacy and control over where your information is going in the first place.
 
  • Like
Reactions: JB007
SpiderWeb said:
You seem to misunderstand that there is no security without privacy and definitely no security without anonymity. Regarding node traffic not being encrypted...that's a HUGE stretch. Tor does not tamper with your traffic so it depends on what website you connect to. In this era where most websites are encrypted, so is all of your traffic. Again, I refuse to side with Chrome shills. There is ZERO security if you have no privacy and control over where your information is going in the first place.
Click to expand...
Security =/= Privacy, being paranoid over privacy will only get you so far.
 
  • Like
  • Applause
Reactions: JB007 and Gangelo

You may also like...