github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #1584] Firefox Nightly breaks out of firejail(-0.9.50,-0.9.51) #1055

New issue

Closed

opened 2026-05-05 07:22:26 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 07:22:26 -06:00

Owner

Originally created by @ghost on GitHub (Oct 1, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1584

Hi,

I've installed firejail from AUR(firejail-git) and downloaded firefox nightly(58.0a1). I've created a directory FF_Nightly then moved the firefox directory there. When I start it as firejail --private=${HOME}/FF_Nightly ./firefox/firefox, Firefox 55.0(the installed one) will start instead of Nightly - and it's using the configuration from another running sandbox. The same happens when I simply start FFN but I thought firejail would stop it. I have two FF sandboxes with their own config but when I start FFN it'll start with the latest sandbox's config. It seems like FFN breaks out of the jail somehow.

Originally created by @ghost on GitHub (Oct 1, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1584 Hi, I've installed firejail from AUR(firejail-git) and downloaded firefox nightly(58.0a1). I've created a directory `FF_Nightly` then moved the firefox directory there. When I start it as `firejail --private=${HOME}/FF_Nightly ./firefox/firefox`, Firefox 55.0(the installed one) will start instead of Nightly - *and it's using the configuration from another running sandbox*. The same happens when I simply start FFN but I thought firejail would stop it. I have two FF sandboxes with their own config but when I start FFN it'll start with the latest sandbox's config. It seems like FFN breaks out of the jail somehow.

gitea-mirror

2026-05-05 07:22:26 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 07:22:30 -06:00

Author

Owner

@ghost commented on GitHub (Oct 1, 2017):

This broke my old configurations - when I start them they glitch and show black and white rectangles.

Edit: this is my fault: I've set read-only /dev globally.

@ghost commented on GitHub (Oct 1, 2017): This broke my old configurations - when I start them they glitch and show black and white rectangles. Edit: this is my fault: I've set `read-only /dev` globally.

gitea-mirror commented

2026-05-05 07:22:31 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Oct 1, 2017):

See #939

@SkewedZeppelin commented on GitHub (Oct 1, 2017): See #939

gitea-mirror commented

2026-05-05 07:22:32 -06:00

Author

Owner

@ghost commented on GitHub (Oct 1, 2017):

@SpotComms I can run two different instances of firefox in different sandboxes - I use them now and they both look and behave differently. The problem is with FFN - I've made a different jail for it and it could access the others' content.

@ghost commented on GitHub (Oct 1, 2017): @SpotComms I can run two different instances of firefox in different sandboxes - I use them now and they both look and behave differently. The problem is with FFN - I've made a different jail for it and it could access the others' content.

gitea-mirror commented

2026-05-05 07:22:33 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Oct 1, 2017):

So I just tested this

firejail --private /usr/bin/firefox #starts a new instance
firejail --private /usr/bin/firefox #opens a window in first instance
firejail --private /usr/bin/firefox-nightly #opens a window in first instance
#close first instance, all windows close

Even with a new network namespace and ipc-namespace, it still launches a window in the first.

However simply adding -no-remote will allow running multiple instances of both firefox and firefox-nightly at the same time. Also in that case even though it works I think it might still be possible to get back into the context of the other running Firefox instances.

firejail --private /usr/bin/firefox -no-remote

Can you give that a go?

Edit: See #1570, #784, #330

@SkewedZeppelin commented on GitHub (Oct 1, 2017): So I just tested this ``` firejail --private /usr/bin/firefox #starts a new instance firejail --private /usr/bin/firefox #opens a window in first instance firejail --private /usr/bin/firefox-nightly #opens a window in first instance #close first instance, all windows close ``` Even with a new network namespace and ipc-namespace, it still launches a window in the first. However simply adding `-no-remote` will allow running multiple instances of both firefox and firefox-nightly at the same time. Also in that case even though it works I think it might still be possible to get back into the context of the other running Firefox instances. ``` firejail --private /usr/bin/firefox -no-remote ``` Can you give that a go? Edit: [See](https://github.com/netblue30/firejail/issues/1570#issuecomment-331573811) #1570, #784, #330

gitea-mirror commented

2026-05-05 07:22:35 -06:00

Author

Owner

@ghost commented on GitHub (Oct 1, 2017):

@SpotComms You've missed the --private=${HOME}/FF_Nightly part.
Edit: also, -no-remote does work.

@ghost commented on GitHub (Oct 1, 2017): @SpotComms You've missed the `--private=${HOME}/FF_Nightly` part. Edit: also, -no-remote does work.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1055

No description provided.

Rows
Columns