Originally posted by nanonyme
In short: if you want security, either make sure all FF builds are coming with the latest security patches to all shipped libraries, or build it yourself locally against system libraries. This goes double if you have to pin Firefox to keep out unwanted "features." That's because pinning all the libraries too means any attacker has a large part of the total system as a fixed, non-moving target matching a huge number of other installs from one time. That makes "quality control" on exploits and payloads a breeze and gives attackers reliable access to your system, instead of having exploits break because some underlying library changed.
For non-networked programs on a single-user machine this should not be an issue unless they can be attacked FROM the browser, and in that case for them to be isolated in a Snap makes it harder to reach them, even if the exploits are known. Thus, Snappy should be great for something like Kdenlive, but is a bad idea for something like Firefox.