>Regarding JavaScript, I still wonder if Firejail is good enough as a defense. To my understanding, JS can collect data (nothing Firejail could do about it, But NoScript can to some extent), and run code on the Browser, and on the computer (but I'm really not sure about the latter). From there, since Firejail (with an option) can limit access to the computer from outside to only one folder (which can be empty or not). So in theory the PC is safe, but the browser? Not so, I guess.

Firejail, just like apparmor or selinux (if u manage to spend 1000 hours in order to learn it, heh) can do a lot of prevention and limit a lot the surface you expose your computer while using the given application, in this case the browser. It's the old sec motto of "least privilege". A good browser profile for firejail, provided the firejail package in itself is well written and secure and the attacker manages NOT to break out of the sandbox, will limit a lot what the malware or in this case the proprietary javascript can do, read, write, access, modify etc

Are you familiar with the option "--private" firejail is blessed with?

Read the man for more info: man firejail.

Reply via email to