[GH-ISSUE #1660] firefox profile leaking filesystem access #1121

Closed
opened 2026-05-05 07:29:48 -06:00 by gitea-mirror · 11 comments

Originally created by @Boruch-Baum on GitHub (Nov 28, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1660

The firefox profile is said to limit the browser's access to the user's filesystem to ~/Downloads and certain other specific files. However, my firefox file dialog (version 52 esr) includes at the bottom of the left-hand bookmark / location bar, an item labeled "other locations", and clicking on that shows that firefox has access to all filesystems / devices through that method.

@Fred-Barclay commented on GitHub (Nov 28, 2017):

G'day Boruch-Baum,
The firefox profile limits any access **in your home directory** to Downloads and a few necessary config files. It also strictly limits or prevents access to select other directories like /boot, /dev, /root, and /tmp.
Also, it prevents lots of potential attacks thanks to the seccomp filter and noroot/nonewprivs filters.

Other system files, such as those in /etc or /lib, are visible, though read-only, inside the sandbox. This is by design.

@netblue30 or some other contributors can certainly explain it better than I can, but in the meantime these links may be of interest to you. 😄
https://github.com/netblue30/firejail/issues/1352
https://github.com/netblue30/firejail/issues/354
https://github.com/netblue30/firejail/issues/970

Cheers!
Fred

@Boruch-Baum commented on GitHub (Nov 28, 2017):

@Fred-Barclay: G'day. Your comment doesn't reflect my experience and seems to ignore what I actually reported, so I should be more specific.

1] Open an instance of firefox using firejail.
2] Open any URL, local or remote.
3] Type C-s (Control-s).
4] Within the save dialog that appears, click on the "Other Locations" line at the bottom of the bookmark bar on the left-hand side of the dialog.
5] Notice that you can now view all mount-points system-wide, including other unmounted partitions, USB drives, network connections, etc.

Nothing to do with access to /etc or /lib, as you commented, and in fact I don't see that I actually have access to those directories at all.

@SkewedZeppelin commented on GitHub (Nov 28, 2017):

@Boruch-Baum if you want to block access to other drives you can run this command as root: `echo "disable-mnt" >> /etc/firejail/firefox.local`

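The check below is an added example, not part of the thread or of firejail: it confirms that `disable-mnt` is actually in effect for a profile (following `include` lines into the `.local` file) and lists the mount points under the directories that option covers. The sample profile, mounts table and user name are constructed; the directory list is the one given for `disable-mnt` in the firejail-profile man page.

```shell
#!/bin/sh
# Added example, not firejail code. Sample files below are constructed.
# Directories blocked by firejail's disable-mnt option (see firejail-profile(5)).
MNT_ROOTS="/mnt /media /run/mount /run/media"

# profile_sets_disable_mnt DIR FILE: succeed if FILE, or a file it includes
# (looked up by basename inside DIR), has an uncommented disable-mnt line.
# Limitation: "ignore disable-mnt" lines are not interpreted.
profile_sets_disable_mnt() (
    dir=$1 file=$2 depth=${3:-0}
    [ "$depth" -le 8 ] || exit 1        # stop on include loops
    [ -r "$dir/$file" ] || exit 1       # a missing .local file is normal
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f    # split into words, no globbing
        case ${1:-} in
            disable-mnt) exit 0 ;;
            include) profile_sets_disable_mnt "$dir" "${2##*/}" $((depth + 1)) && exit 0 ;;
        esac
    done < "$dir/$file"
    exit 1
)

# mounts_under_mnt_roots FILE: print the mount points from a
# /proc/mounts-format FILE that live under MNT_ROOTS, i.e. the ones
# that disable-mnt would block.
mounts_under_mnt_roots() {
    while read -r _dev mp _rest; do
        for root in $MNT_ROOTS; do
            case $mp in "$root"/*) printf '%s\n' "$mp" ;; esac
        done
    done < "$1"
}

# make_sample DIR: write a constructed profile tree and mounts table.
make_sample() {
    printf '%s\n' 'include /etc/firejail/firefox.local' 'seccomp' 'noroot' > "$1/firefox.profile"
    printf '%s\n' '# disable-mnt' > "$1/firefox.local"
    printf '%s\n' '/dev/sda2 / ext4 rw 0 0' '/dev/sdb1 /media/usb0 vfat rw 0 0' \
        '/dev/sdc1 /run/media/alice/backup ext4 rw 0 0' > "$1/mounts"
}

demo=$(mktemp -d) && make_sample "$demo"
profile_sets_disable_mnt "$demo" firefox.profile || echo "disable-mnt missing; reachable:"
mounts_under_mnt_roots "$demo/mounts"
echo "disable-mnt" >> "$demo/firefox.local"     # the fix from this thread
profile_sets_disable_mnt "$demo" firefox.profile && echo "disable-mnt now set"
rm -rf "$demo"
```

On a real system, pass `/etc/firejail` as the directory and `/proc/mounts` as the mounts file.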
@smitsohu commented on GitHub (Nov 28, 2017):

@Boruch-Baum for clarification: Is this issue about information leaking?

I tried to reproduce and I can _see_ some forbidden fruit, but I am not able to actually _access_ it.

@Boruch-Baum commented on GitHub (Nov 28, 2017):

@SpotComms: That did it! Thanks. Should this be made standard? Or has it been, and my version (0.9.50) is just not bleeding edge?

@smitsohu: Yes. Before @SpotComms's tip, I was able to drill down past the initial display of mount points and access everything that my user account had access to. After the tip, the behavior is as I think you are reporting - able to see the initial list of mount points, but not able to drill down.

Ideally, the mount points themselves should be hidden, no?

@SkewedZeppelin commented on GitHub (Nov 28, 2017):

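@Boruch-Baum I actually added it in https://github.com/netblue30/firejail/commit/5354f20012b488c50cd556e315b78ad351ae0f9d#diff-e1a5f71d78072f938239e39011f8bd73, but removed it in 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b, it was never enabled however.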

I left it disabled for the browsers for the few users that might keep their Downloads directory on another drive.

@Boruch-Baum commented on GitHub (Nov 28, 2017):

@SpotComms : OK. On your judgement, close the issue. My vote is to enable the protection for the many, and force the few to make the manual change.

@Boruch-Baum commented on GitHub (Nov 28, 2017):

Also in favor of enabling the protection by default is that the minority who have their ~/Downloads directory on another mount point can still temporarily save data to their $HOME directory, which the firejail profile also allows by default.

@Fred-Barclay commented on GitHub (Nov 28, 2017):

I agree that we may want to consider using `disable-mnt` more liberally.

@Fred-Barclay commented on GitHub (Nov 30, 2017):

Mount points have been disabled for browsers in 19f9beca32. 🎉

@Boruch-Baum commented on GitHub (Dec 1, 2017):

Thanks, @Fred-Barclay.
