Advice Request Is Firefox ESR secure enough ?

[JB007]

Hello,
I'm using FF ESR on my work machines because it have less changes than FF "classic".
But I'm wondering if it is enough secure ?

 

[NewbyUser]

ESR version still includes latest security focused patches. The latest release was less than two weeks ago. The ESR version is typically specifically designed to be used in work environments.

Firefox ESR 91.5.0, See All New Features, Updates and Fixes

www.mozilla.org

 

[ScandinavianFish]

Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it

 

[NewbyUser]

12 Secure Browsers That Protect Your Privacy in 2024

A secure browser that protects your privacy is essential for staying safe online and keeping your data secure from third parties.

restoreprivacy.com

 

[wat0114]

12 Secure Browsers That Protect Your Privacy in 2024

A secure browser that protects your privacy is essential for staying safe online and keeping your data secure from third parties.

restoreprivacy.com

Most private, maybe, but most secure? I would bet Edge and Chrome are more secure than Firefox.

 

[upnorth]

Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it

 

[ScandinavianFish]

GrapheneOS usage guide

Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

grapheneos.org

"Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox runs as a single process on mobile and has no sandbox beyond the OS sandbox. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux, where it can hardly be considered a sandbox at all) and lacks support for isolating sites from each other rather than only containing content as a whole."

 

[upnorth]

GrapheneOS usage guide

Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

grapheneos.org

Re-read the OPs crystal clear information in post number 1. If you can't grasp it, your welcome to ask.

Hello,
I'm using FF ESR on my work machines

 

[ScandinavianFish]

Re-read the OPs crystal clear information in post number 1. If you can't grasp it, your welcome to ask.

I understood, I answered, what more do you want?

 

[Kongo]

Firefox is the most insecure browser, it lacks almost any kind of basic protection against the most common exploits, it wasnt even a month ago since it got site isolation, which itself has numerous vulnerabilities in it

It had site isolation for a long time but wasn't enabled by default as it was in its experimental phase.

 

[upnorth]

I understood, I answered, what more do you want?

No, you sadly still don't get it.

If you can't interpret and grasp plain simple common English that member @JB007 very crystal clear wrote, I would recommend you avoid keep spreading not only misinformation, but also disinformation with pure irrelevant mobile OS links.

 

[ScandinavianFish]

No, you sadly still don't get it.

If you can't interpret and grasp plain simple common English that member @JB007 very crystal clear wrote, I would recommend you avoid keep spreading not only misinformation, but also disinformation with pure irrelevant mobile OS links.

Ah, so youre just an firefox fanboy, got it, so its not worth arguing with you

 

[Kongo]

Ah, so youre just an firefox fanboy, got it, so its not worth arguing with you

He just dropped facts. The article you shared was from GraphenOS which is a mobile OS. You can't compare Firefox desktop with the mobile version.

 

[wat0114]

FWIW, and I'm in no way trying to stir the pot here, but my employer does not provide Firefox as a browser option on their COE devices because they feel it's a security risk to their corporate network. They offer Edge and Chrome only.

 

[Local Host]

FWIW, and I'm in no way trying to stir the pot here, but my employer does not provide Firefox as a browser option on their COE devices because they feel it's a security risk to their corporate network. They offer Edge and Chrome only.

Not far from true, many security experts find Chrome superior in terms of security, and yes they do not provide Firefox as an option whasoever.

Considering OP is using Firefox at work, the point remains on @ScandinavianFish side, only in terms of home usage that there is not much difference, it all depends on how you setup the browser.

In the end is not my concern, the opinion was given, whatever people do with it is their own problem, I do not recommend Firefox for business be it in terms of security or stability.

 

[SpiderWeb]

Just consider this, Tor is based off ESR. If it's secure enough for Tor, then it's secure enough for anything.

 

[Local Host]

Just consider this, Tor is based off ESR. If it's secure enough for Tor, then it's secure enough for anything.

You seem to misunderstand Tor purpose, is about being anonymous not secure, the node traffic is not even encrypted.

 

[SpiderWeb]

You seem to misunderstand Tor purpose, is about being anonymous not secure, the node traffic is not even encrypted.

You seem to misunderstand that there is no security without privacy and definitely no security without anonymity. Regarding node traffic not being encrypted...that's a HUGE stretch. Tor does not tamper with your traffic so it depends on what website you connect to. In this era where most websites are encrypted, so is all of your traffic. Again, I refuse to side with Chrome shills. There is ZERO security if you have no privacy and control over where your information is going in the first place.

 

[Local Host]

You seem to misunderstand that there is no security without privacy and definitely no security without anonymity. Regarding node traffic not being encrypted...that's a HUGE stretch. Tor does not tamper with your traffic so it depends on what website you connect to. In this era where most websites are encrypted, so is all of your traffic. Again, I refuse to side with Chrome shills. There is ZERO security if you have no privacy and control over where your information is going in the first place.

Security =/= Privacy, being paranoid over privacy will only get you so far.