[GH-ISSUE #1655] firefox '<url>' no longer works? #1119

Closed
opened 2026-05-05 07:29:25 -06:00 by gitea-mirror · 19 comments

Originally created by @rieje on GitHub (Nov 23, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1655

When running from the command line, it seems that `firefox 'twitter.com'`, for example, no longer works (it hasn't worked for maybe ~1 week now). Firefox gets launched but the Twitter page does not get opened. It used to work. `/usr/bin/firefox 'twitter.com'` works as expected.

I'm on the latest version of Arch Linux, so on Firejail 0.9.50-1 and Firefox 57.0-2. Tell me what other information you guys need.

Thanks.


@Fred-Barclay commented on GitHub (Nov 24, 2017):

G'day @rieje and thanks for the report!
I'm also running fully-updated Arch (the only obvious difference from your setup being that I built firejail from the latest code on GitHub) and `firefox 'twitter.com'` works without problems for me.

Can you test a few things for me?

  1. Does `firefox 'twitter.com'` work when you're not running Firefox in firejail?
  2. If so, what happens with `firejail --noprofile firefox 'twitter.com'`?
  3. Can you try disabling any Firefox extensions and seeing what happens?

Cheers!
Fred


@rieje commented on GitHub (Nov 25, 2017):

`/usr/bin/firefox 'twitter.com'` (which does not use firejail) works as stated. `firefox 'twitter.com'` for me uses `/usr/local/bin firefox`, which is a wrapper I've made that uses firejail, and that does not work for me any more, hence this issue (it used to work).

`firejail --noprofile firefox 'twitter.com'` works, but I get the warning:

> Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features

despite closing all instances of Firefox.

I disabled all Firefox extensions and it hasn't changed anything. I'm using the Arch package instead of building the latest code on Github--maybe you can try the Arch package and see if you experience the same issue I'm having.

Thanks.


@SkewedZeppelin commented on GitHub (Nov 25, 2017):

> Warning: an existing sandbox was detected.

That is caused because firefox is already a symlink to firejail, due to firecfg. It's equivalent to running `firejail /usr/bin/firejail /usr/bin/firefox`

Try `firejail --noprofile /usr/bin/firefox` instead.

And as an aside, I as well cannot repro this issue.


@rieje commented on GitHub (Nov 26, 2017):

Both `firejail --noprofile /usr/bin/firefox 'twitter.com'` and `firejail /usr/bin/firefox 'twitter.com'` work, so I guess something is wrong with my /usr/local/bin/firefox [script](https://ptpb.pw/AKvzaDG-gO0W_cCyJa2Uj4jomlfI) that leads to `firefox 'twitter.com'` not working for me (since the script is in /usr/local/bin and has priority over /usr/bin/firefox). I don't recall changing it though and it worked previously.

Can you see if it works? Thanks.

@SkewedZeppelin commented on GitHub (Nov 26, 2017):

@rieje I just tested your script and am still not able to reproduce this issue.

Are you using a weird shell like fish or anything?


@rieje commented on GitHub (Nov 26, 2017):

I am using bash/zsh and have always used them when it worked. How about try the script with my [firefox.profile](https://ptpb.pw/AEvZzroTWlU1MBgY8VL8gcSiSJrM.profile)?

@SkewedZeppelin commented on GitHub (Nov 26, 2017):

@rieje nothing in your profile should cause that, at least not that I see.

This is an odd one.


@chiraag-nataraj commented on GitHub (Dec 1, 2017):

For what it's worth, I am not seeing this issue with the script you posted. Nothing that is configurable in profiles can prevent command-line args parsing as far as I know, so I don't think the issue is there. Can you do a `which firefox` and a `cat $(which firefox)` and post the output (don't post the output of the second one if it's a binary file 😛)? I have a sneaking suspicion something else has priority over your script and that's why you're seeing this behavior.
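
The lookup discussed in this part of the thread (what `firefox` resolves to on `PATH`, and whether that entry already enters firejail, which is what produces the "existing sandbox was detected" warning), as an added example that is not part of the original thread or of firejail itself. The function names, the `grep`-based wrapper heuristic and the temporary directory tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list every PATH candidate for a command and classify it.

classify() {            # prints: firejail-symlink | firejail-wrapper | direct
    target=$(readlink -f "$1")
    if [ -L "$1" ] && [ "${target##*/}" = firejail ]; then
        echo firejail-symlink   # firecfg-style link to the firejail binary
    elif head -c 2 "$1" | grep -q '^#!' && grep -q firejail "$1"; then
        echo firejail-wrapper   # script that calls firejail itself (heuristic)
    else
        echo direct
    fi
}

path_candidates() {     # usage: path_candidates CMD [SEARCH_PATH]
    cmd=$1; search=${2:-$PATH}
    old_ifs=$IFS; IFS=:
    for dir in $search; do
        IFS=$old_ifs
        cand=${dir:-.}/$cmd
        if [ -f "$cand" ] && [ -x "$cand" ]; then
            echo "$(classify "$cand") $cand"
        fi
    done
    IFS=$old_ifs
}

would_nest() {          # true if "firejail CMD" would start inside a sandbox
    case $(path_candidates "$@" | head -n 1) in
        firejail-*) return 0 ;;
        *) return 1 ;;
    esac
}

make_fixture() {        # constructed sample tree; prints its root directory
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/wrapper" "$root/firecfg"
    for b in firejail firefox; do printf '#!/bin/sh\n' > "$root/usr/bin/$b"; done
    printf '#!/usr/bin/env sh\n/usr/bin/firejail --private /usr/bin/firefox "$@"\n' \
        > "$root/wrapper/firefox"
    ln -s ../usr/bin/firejail "$root/firecfg/firefox"
    chmod +x "$root/usr/bin/firejail" "$root/usr/bin/firefox" "$root/wrapper/firefox"
    echo "$root"
}

# Demo on the constructed tree: the wrapper directory is searched before usr/bin.
demo_root=$(make_fixture)
path_candidates firefox "$demo_root/wrapper:$demo_root/usr/bin"
rm -rf "$demo_root"
```

Calling `path_candidates firefox` with no second argument inspects the real `PATH`; the first line printed is the entry the shell executes.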


@rieje commented on GitHub (Dec 2, 2017):

`$ which firefox`

> /usr/local/bin/firefox

`$ cat $(which firefox)`

> \#!/usr/bin/env sh
> \# Firefox wrapper to launch in a temporary firejail sandbox in Private Browsing mode.
> /usr/bin/firejail --profile="${HOME}/.config/firejail/firefox.profile" --private /usr/bin/firefox -no-remote --private "$@"


@chiraag-nataraj commented on GitHub (Dec 4, 2017):

Hmm. And manually running the command in the script with an argument works? That is, try running `/usr/bin/firejail --profile="${HOME}/.config/firejail/firefox.profile" --private /usr/bin/firefox -no-remote --private google.com` (for example) to see if that works.


@rieje commented on GitHub (Dec 5, 2017):

That exact command works, but simply replacing the argument `google.com` with `twitter.com` doesn't. I suppose that's the root of the error. Very strange--is this a bug of Firefox then?


@chiraag-nataraj commented on GitHub (Dec 5, 2017):

But `twitter.com` works for me...


@rieje commented on GitHub (Dec 5, 2017):

I triple-checked and it doesn't for me. Going to make a thread on the Firefox subreddit and see if I can find some answers, this is very strange. Thanks.


@SkewedZeppelin commented on GitHub (Dec 5, 2017):

@rieje could you try `github.com`?


@rieje commented on GitHub (Dec 6, 2017):

That unfortunately also doesn't work. I even tried prepending `www.` and `https://www.` to it.


@chiraag-nataraj commented on GitHub (Dec 6, 2017):

Do any other URLs work at all? How about `mozilla.com`?


@SkewedZeppelin commented on GitHub (Dec 6, 2017):

@chiraag-nataraj yea. I thought it might've been an OCSP issue or something. github.com and twitter.com both use DigiCert.

Firefox hard fails when it cannot verify an EV cert.

OCSP servers can be blocked or even frequently go down. I'd expect it to show an error for that, but you never know.


@rieje commented on GitHub (Dec 16, 2017):

Based on what @SpotComms said, I checked my `mozilla.cfg` (list of customized about:config settings) since I remember having some OCSP settings. Turns out disabling those didn't seem to fix the issue, but I found out that `lockPref("privacy.sanitize.sanitizeOnShutdown", true);` appears to be the culprit. Can anyone confirm so I can close this issue as it appears to be Firefox-related?

Curious since I don't see how this particular setting can cause the undesirable behavior.


@SkewedZeppelin commented on GitHub (Dec 16, 2017):

@rieje just tested, that was indeed it. Weird. It doesn't seem to be a known issue, feel free to report it to Mozilla. https://bugzilla.mozilla.org/buglist.cgi?quicksearch=sanitizeOnShutdown
