Firefox zeroday patch

Or from the past?

When I added Firefox from Mozilla, I had to add a firefox.desktop entry. Others have described how to do that in this forum, e.g. here. I put mine in /usr/share/applications, however. That added Firefox to the Applications menu and everything was fine.

Maybe one does not have to do that anymore, but I thought I would chime in.

1 Like

Thanks for the help. I will try the CL input. I think that should help. Oddly, right clicking the tool bar to add to favorites is the way I usually do it but, in this case, does work. Thanks again.

1 Like

Oops, I drove 18 hours from Illinois to Arizona and posted my question right before I went to sleep. Yeah, it’s Thursday.

2 Likes

Jeremiah, you were saying, that - “My first recommendation is to use a different browser, like Epiphany”
Are you needing to do anything to “Epiphany” in regards to Privacy & Security? Or is it accepted that it is all OK in that respect?

This is a good question. A good question requires a good answer but a good answer in this case has to be exhaustive I feel and I can’t give you that.

What I can say is that Epiphany is partly designed to run in a container or via flatpak and that approach fits our security paradigm better. It is also well maintained upstream and doesn’t have many of the bells and whistles that other browsers do thus reducing the surface area for attacks. We want a browser that works on all our devices that we can adapt and even fork if necessary and Epiphany fits that bill better than Firefox. Of course, users can use any browser on their device, but we can’t invest time and energy in every available browser, we have to focus on our users’ needs.

4 Likes

Thanks Jeremiah, I guess Epiphany (which is the one I would like to use), and is on (I think) the “Librem 5” (Chestnut batch) I have, is Secure & Private; but do you there at Purism, intend at this stage to do an Audit on it?

Did you mean, with the Privacy & Security in mind with “Epiphany” as it is, is an Audit of the code, & doing if needed, the type of things, you at Purism found you needed to do to “Firefox”, to make it more Secure & Private; would be done, if Purism decides to “Fork” Epiphany?

Also is Epiphany on the “Chestnut Batch” of the phone, run from a Flatpak, or Installed partly to run in a container?

Picking up on that question, I would be interested to know what those things were. Is that documented anywhere, at least in part?

or a good link ? :joy:

The changes that we make to Purebrowser are here: https://source.puri.sm/pureos/packages/firefox-esr/commit/0d5ee489c1c4761d8b02fc04ee9d16c341c9e2d8

This is a long list, and it is detailed.

2 Likes

I’m pasting here a high level description of what we did to PureBrowser to meet our required safety and privacy goals. Use this description along with the previous link to the actual diff to find out exactly the things we did.

We package Firefox from Debian unstable as “PureBrowser” then we make three minor changes:

  • We change the homepage. DuckDuckGo is currently our homepage.

  • We change the default search engine settings. DuckDuckGo is currently
    our default search engine.

  • We install privacy and security addons from
    addons.mozilla.com by default. We currently have two addons,
    uBlock and HTTPS Everywhere.

There are also tweaks for rebranding, packaging, and user-agent string
tweaks.

  • Re: planned audit - I assume you mean security audit @HD-OZ as opposed to privacy audit? At this point no audit is planned. To do that well requires security and/or privacy researchers, time and money, and a third party.

  • Re: audit of Epiphany - we haven’t done that either, but we have developers who’ve written part of the code base, so we have a greater degree of confidence.

  • Re: Yes, Epiphany should be on Chestnut and I’m fairly certain it’s the default on my Birch device and is meant to remain so. It is currently installed per default and not run from a flatpak. However, we’re building specific Continuous Integration tooling to build flatpaks in our toolchain, so we should soon be able to provide Epiphany runnable as a flatpak.

  • Re: Firefox vs. Epiphany security: I don’t know if we’ll need to do the same things on Epiphany as we did with Firefox, though I imagine we’ll want to tweak the defaults somewhat. At the moment core functionality and optimization for our platforms is being done, we’ll soon focus on the privacy and security aspects before wider release.

3 Likes

Hi Jeremiah, That as described in the LINK, for what was needed to do to “Firefox”; was very good, fabulous work > Thanks for including that Link.

The High level description in the next post of yours, was a good overview too; Plus your intended timeline for Epiphany, :slight_smile:

2 Likes