On Sat, Feb 1, 2025 at 6:24 PM Mike Hommey <m...@glandium.org> wrote:
>
> On Sat, Feb 01, 2025 at 05:39:43PM -0300, Leandro Cunha wrote:
> > Package: firefox-esr
> > X-Debbugs-Cc: leandrocunha...@gmail.com
> > Version: 128.6.0esr-4
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > Showing a warning with the text "some of Firefox's security features
> > may offer less protection on your current operating system", with the
> > link below[1] recommending downloading from the Mozilla repository
> > claiming that this way I would have more protection? Firefox is
> > distributed in RPM, distributed in DEB and even Arch distributes it in
> > its official repositories like Debian. This information may encourage
> > users with less knowledge to follow what would be mentioned in the
> > link below. I believe that this message is also not true regarding the
> > security issue and I trust the work of those who have maintained it
> > for so many years. See screenshot.
> >
> > This message is not relevant, but you can create a patch to remove it
> > and precisely to prevent more lay users from avoiding using Firefox
> > ESR (for example) offered by Debian.
> > This with the idea that such security problems would be fixed.
>
> The message *is* relevant, and the link, while misleading, is kind of
> right, but it doesn't bring you to the relevant part of the page, which
> is at the end, under "Security features warning".
>
> The link should probably be changed to
>
> https://support.mozilla.org/en-US/kb/install-firefox-linux#w_security-features-warning
>
> But I'd argue it should have its own separate support page.
>
> Mike

"The sandbox in Firefox makes use of unprivileged user namespaces when
creating new processes for enforcing more security. This can be
considered a security risk, therefore some Linux distributions have
started to restrict its usage and only allow it to work where there is
an AppArmor profile."

Interesting, but the question would be that I need to configure Firefox
ESR for this as a security enhancement? I agree that it is directed to a
page that covers the topic very broadly and it would be interesting if
it were separate. I would be unaware of this issue if it weren't for
this message. If it addresses what you mentioned, it would be a useful
message indeed.

--
Cheers,
Leandro Cunha
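
An added example, not part of the original messages and not Mozilla's or Debian's code: a shell check of the kernel settings that commonly restrict unprivileged user namespaces, the feature the quoted support-page text says the sandbox relies on. Assumptions: these three sysctls are the ones in play on the system being checked (the second is a Debian kernel patch, the third is Ubuntu's AppArmor restriction), and the optional root-directory argument is hypothetical, present only so the function can be run against constructed files.

```shell
#!/bin/sh
# userns_status [ROOT]
# Reads sysctl files under ROOT/proc/sys (ROOT defaults to the real root)
# and prints one line: "allowed" or "restricted: <reason>".
userns_status() {
    sys="${1:-}/proc/sys"

    # Upstream limit: 0 means no user namespaces can be created at all.
    f="$sys/user/max_user_namespaces"
    if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then
        echo "restricted: user.max_user_namespaces=0"
        return 0
    fi

    # Debian kernel patch: 0 disables creation by unprivileged users.
    f="$sys/kernel/unprivileged_userns_clone"
    if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then
        echo "restricted: kernel.unprivileged_userns_clone=0"
        return 0
    fi

    # Ubuntu: 1 means only programs whose AppArmor profile permits
    # user namespaces may create them without privileges.
    f="$sys/kernel/apparmor_restrict_unprivileged_userns"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo "restricted: kernel.apparmor_restrict_unprivileged_userns=1 (needs an AppArmor profile allowing userns)"
        return 0
    fi

    # None of the known restrictions is active (absent files are skipped).
    echo "allowed"
}

# Report for the running system.
userns_status
```

A sysctl file that does not exist is treated as "no restriction from this knob", so on a kernel without the Debian or Ubuntu additions only the upstream limit is evaluated.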