Advice Request Is Firefox ESR secure enough ?

Please provide comments and solutions that are helpful to the author of this topic.

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it
 
  • Like
Reactions: oldschool

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it
Reaction GIF
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
"Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox runs as a single process on mobile and has no sandbox beyond the OS sandbox. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux, where it can hardly be considered a sandbox at all) and lacks support for isolating sites from each other rather than only containing content as a whole."
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it
It had site isolation for a long time but wasn't enabled by default as it was in its experimental phase.
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
I understood, I answered, what more do you want?
No, you sadly still don't get it.

If you can't interpret and grasp plain simple common English that member @JB007 very crystal clear wrote, I would recommend you avoid keep spreading not only misinformation, but also disinformation with pure irrelevant mobile OS links.
 
L

Local Host

FWIW, and I'm in no way trying to stir the pot here, but my employer does not provide Firefox as a browser option on their COE devices because they feel it's a security risk to their corporate network. They offer Edge and Chrome only.
Not far from true, many security experts find Chrome superior in terms of security, and yes they do not provide Firefox as an option whasoever.

Considering OP is using Firefox at work, the point remains on @ScandinavianFish side, only in terms of home usage that there is not much difference, it all depends on how you setup the browser.

In the end is not my concern, the opinion was given, whatever people do with it is their own problem, I do not recommend Firefox for business be it in terms of security or stability.
 
Last edited:

SpiderWeb

Level 13
Verified
Top Poster
Well-known
Aug 21, 2020
609
You seem to misunderstand Tor purpose, is about being anonymous not secure, the node traffic is not even encrypted.
You seem to misunderstand that there is no security without privacy and definitely no security without anonymity. Regarding node traffic not being encrypted...that's a HUGE stretch. Tor does not tamper with your traffic so it depends on what website you connect to. In this era where most websites are encrypted, so is all of your traffic. Again, I refuse to side with Chrome shills. There is ZERO security if you have no privacy and control over where your information is going in the first place.
 
  • Like
Reactions: JB007
L

Local Host

You seem to misunderstand that there is no security without privacy and definitely no security without anonymity. Regarding node traffic not being encrypted...that's a HUGE stretch. Tor does not tamper with your traffic so it depends on what website you connect to. In this era where most websites are encrypted, so is all of your traffic. Again, I refuse to side with Chrome shills. There is ZERO security if you have no privacy and control over where your information is going in the first place.
Security =/= Privacy, being paranoid over privacy will only get you so far.
 
  • Like
  • Applause
Reactions: JB007 and Gangelo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top