>Regarding JavaScript, I still wonder if Firejail is good enough as a
defense.
To my understanding, JS can collect data (nothing Firejail could do about it,
But NoScript can to some extent), and run code on the Browser, and on the
computer (but I'm really not sure about the latter).
From there, since Firejail (with an option) can limit access to the computer
from outside to only one folder (which can be empty or not). So in theory the
PC is safe, but the browser? Not so, I guess.
Firejail, just like apparmor or selinux (if u manage to spend 1000 hours in
order to learn it, heh) can do a lot of prevention and limit a lot the
surface you expose your computer while using the given application, in this
case the browser. It's the old sec motto of "least privilege".
A good browser profile for firejail, provided the firejail package in itself
is well written and secure and the attacker manages NOT to break out of the
sandbox, will limit a lot what the malware or in this case the proprietary
javascript can do, read, write, access, modify etc
Are you familiar with the option "--private" firejail is blessed with?
Read the man for more info: man firejail.