Mozilla announced today in a blog post that it is now offering an RPM package of the Firefox open-source web browser for RPM-based GNU/Linux distributions, with an initial focus on the Firefox Nightly releases.
Mozilla already provided a DEB binary package for Debian-based systems, so they’re now offering the same native package installation of Firefox for RPM-based systems, making it a lot easier for users of RPM-based distributions to update their Firefox installations to the latest version on the day of the release.
Using the RPM package over the official binary package offers some benefits, such as better performance due to advanced compiler-based optimizations, hardened binaries with all security flags enabled, access to the latest Firefox releases as fast as possible, and you won’t have to create your own .desktop file anymore
Aside from nightly, I thought the repo release was up to date? I’m pretty sure its included in the default repo for Fedora.
It is. Relatively so. This smells of Mozilla wanting to package things in there that Linux distro maintainers wouldn’t package in themselves.
You may say I’m being overtly cynical and as much as I love Firefox, I can’t say I trust Mozilla’s intentions
So uh… Why didn’t they do this two decades ago?
Because it’s more testing, more work, more resources spent, all for something that package maintainers will usually do for free anyway.
Must be a change in management
Now that I use flatpak …
Sync your shit, uninstall Flatpak pkg, install RPM pkg, login to Firefox, sync everything back again, good to go. 🚀
The Firefox Flatpak has much weaker isolation because the Flatpak sandbox interferes with the browser sandbox. This means a malicious site can compromise other sites and even the whole browser with a single exploit instead of the two normally required (which is a significant degradation in protection). The specific part blocked by Flatpak is user namespace sandboxing by Firefox. If you can help it, DO NOT install as Flatpak. Snap does not have this problem, but nobody likes Snap. Chromium has a similar problem as a Flatpak.
Nobody likes snaps because Canonical is exactly like Microsoft: the only thing they could make that wouldn’t suck would be vacuums.
Thanks for the good explanation!
Yeah np
Is this because everything runs as root inside Flatpak? Wouldn’t it be possible to run as non-root inside Flatpak?
No, nothing runs as root in a Flatpak. The problem is that Flatpak stops apps from using unprivileged user namespaces, which is used by all modern browsers to isolate web contents. Because the browser (Firefox) can’t use namespaces, a malicious website can use a single exploit instead of needing to chain two separate exploits, making it significantly more likely to break the sandbox.
Ah interesting. I was thinking of this post
