Re: Where to Install Firefox from a Security Standpoint?
Any "settings," i.e. extensions, preferences, or other tweakable items must be in a user-writable location, which is /username/.mozilla. All users will have their own .mozilla folder.
The /opt folder is not user-writable. Therefore, the binaries, executables, .so files, or scripts that make up Firefox can be modified only by root. This is a good thing.
Running the Firefox binaries in /home/username works beautifully too, except
.... Now the core binaries are writable by any user, and can be modified, trashed, or even deleted (think malware).
Absolutely. Imagine that malware targeting Firefox gets onto your system while you're surfing, a scenario not outside reality. Running with your /username privileges, it is free to do whatever it wants with your /home/username/firefox folder. It could not change anything in /opt/firefox however, because that is a root folder.
Even root gets its own .mozilla folder. If you've ever run Firefox as root, you will find a /root/.mozilla folder on your drive. It will have no extensions, themes, or other preferences set until or unless you set them (as root).
The object of the game is to not
be taken by surprise, as Redmond is continuously, because of carelessness, complacency, or a false sense of security. This is the reason that all executables in Linux are in root folders, making mischief far more difficult.
This might be gratuitous, but just for completeness, here's how I do it:
- Start Dolphin as root.
- Copy the FF tarball to /opt.
- Right-click it and "Extract to Here..."
- Delete the tarball.
- Exit Dolphin.
- Modify the Kmenu entry with the complete path, /opt/firefox/firefox. Update the location of the icon. Delete and then re-create my Panel icon.
- Start System Settings --> Default Applications. Set the complete path to FF, /opt/firefox/firefox.
That's it. The only difference now is that you must start Firefox as root in order to update it.