github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4670] firefox: cannot open new URLs into running instance #2744

New issue
Closed
opened 2026-05-05 09:24:25 -06:00 by gitea-mirror · 27 comments
gitea-mirror commented 2026-05-05 09:24:25 -06:00
Owner
Copy link

Originally created by @Lonniebiz on GitHub (Nov 6, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4670

Firejail version: 0.9.62

Kubuntu 20.04 recently auto-updated to Firefox 94. Ever since, I can no longer launch URLs via the command line like this:
firejail firefox https://github.com &

I posted this issue over at AskUbuntu :
https://askubuntu.com/questions/1373963/

Actually, it will launch fine if Firefox is completely closed, but none of my hot keys that launch additional pages work anymore.

This may not be a firejail bug, but I was hoping that posting here might lead to me finding a good work around. Please check out the link above. I appreciate it!

Originally created by @Lonniebiz on GitHub (Nov 6, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4670 Firejail version: 0.9.62 Kubuntu 20.04 recently auto-updated to Firefox 94. Ever since, I can no longer launch URLs via the command line like this: `firejail firefox https://github.com &` I posted this issue over at AskUbuntu : https://askubuntu.com/questions/1373963/ Actually, it will launch fine if Firefox is completely closed, but none of my hot keys that launch additional pages work anymore. This may not be a firejail bug, but I was hoping that posting here might lead to me finding a good work around. Please check out the link above. I appreciate it!
gitea-mirror commented 2026-05-05 09:24:28 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Nov 6, 2021):

@Lonniebiz commented on Nov 6:

Kubuntu 20.04 recently auto-updated to Firefox 94. Ever since, I can no
longer launch URLs via the command line like this: firejail firefox https://github.com &

I posted this issue over at AskUbuntu :
https://askubuntu.com/questions/1373963/

Actually, it will launch fine if Firefox is completely closed, but none of my
hot keys that launch additional pages work anymore.

This may not be a firejail bug, but I was hoping that posting here might lead
to me finding a good work around. Please check out the link above. I
appreciate it!

Please follow the bug template:

Does it help if both invocations use the same sandbox? Example:

firejail --name=firefox1 firefox
firejail --join=firefox1 firefox https://github.com &
<!-- gh-comment-id:962522511 --> @kmk3 commented on GitHub (Nov 6, 2021): @Lonniebiz commented [on Nov 6](https://github.com/netblue30/firejail/issues/4670#issue-1046586022): > Kubuntu 20.04 recently auto-updated to Firefox 94. Ever since, I can no > longer launch URLs via the command line like this: `firejail firefox > https://github.com &` > > I posted this issue over at AskUbuntu : > https://askubuntu.com/questions/1373963/ > > Actually, it will launch fine if Firefox is completely closed, but none of my > hot keys that launch additional pages work anymore. > > This may not be a firejail bug, but I was hoping that posting here might lead > to me finding a good work around. Please check out the link above. I > appreciate it! Please follow the bug template: * <https://github.com/netblue30/firejail/issues/new?assignees=&labels=&template=bug_report.md&title=> Does it help if both invocations use the same sandbox? Example: ```sh firejail --name=firefox1 firefox firejail --join=firefox1 firefox https://github.com & ```
gitea-mirror commented 2026-05-05 09:24:29 -06:00
Author
Owner
Copy link

@Lonniebiz commented on GitHub (Nov 7, 2021):

firejail version 0.9.62
Kubuntu 20.04
Firefox 94.0

@kmk3 First of all, I really appreciate your attention to the matter. This issue (no matter what is causing it) is pretty important to my workflow. You see, I'm accustom to launching websites I frequent with hotkeys facilitated by autokey.

So, I'm not typing these commands in directly, it is a python script within autokey that is sending the commands to the terminal. That script is only two lines:

import os
os.system("firejail firefox https://github.com/ &")

However, for the test you've requested, I'm going to copy and pasted those lines (one at a time) directly into the terminal:

firejail --name=firefox1 firefox
firejail --join=firefox1 firefox https://github.com &

Result: The first line launched the browser like normal. However, when I entered the second command, I got this error:

Firefox is already running, but is not responding. To use Firefox, you must first close the
existing Firefox process, restart your device, or use a different profile.

errorFirefox

Output:

user@pc1:~$ firejail --name=firefox1 firefox &
[1] 8361
user@pc1:~$ Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 8361, child pid 8362
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 78.76 ms

** (firefox:9): WARNING **: 14:46:29.227: Unable to connect to dbus: Could not connect: Permission denied

(firefox:9): GLib-GIO-CRITICAL **: 14:46:29.316: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:29.316: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:29.316: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:30.267: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:30.267: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:30.267: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:31.238: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:31.238: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:31.238: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:31.937: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:31.937: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:9): GLib-GIO-CRITICAL **: 14:46:31.937: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed



firejail --join=firefox1 firefox https://github.com
Switching to pid 8362, the first child process inside the sandbox
Child process initialized in 10.87 ms

** (firefox:468): WARNING **: 14:47:19.745: Unable to connect to dbus: Could not connect: Permission denied

(firefox:468): GLib-GIO-CRITICAL **: 14:47:19.858: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:19.859: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:19.859: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:19.863: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:19.863: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:19.863: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:20.784: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:20.784: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(firefox:468): GLib-GIO-CRITICAL **: 14:47:20.784: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

###!!! [Child][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost
<!-- gh-comment-id:962675191 --> @Lonniebiz commented on GitHub (Nov 7, 2021): firejail version 0.9.62 Kubuntu 20.04 Firefox 94.0 @kmk3 First of all, I really appreciate your attention to the matter. This issue (no matter what is causing it) is pretty important to my workflow. You see, I'm accustom to launching websites I frequent with hotkeys facilitated by [autokey](https://en.wikipedia.org/wiki/AutoKey). So, I'm not typing these commands in directly, it is a python script within autokey that is sending the commands to the terminal. That script is only two lines: ``` import os os.system("firejail firefox https://github.com/ &") ``` However, for the test you've requested, I'm going to copy and pasted those lines (one at a time) directly into the terminal: ``` firejail --name=firefox1 firefox firejail --join=firefox1 firefox https://github.com & ``` **Result:** The first line launched the browser like normal. However, when I entered the second command, I got this error: > Firefox is already running, but is not responding. To use Firefox, you must first close the > existing Firefox process, restart your device, or use a different profile. ![errorFirefox](https://user-images.githubusercontent.com/151919/140660304-4127905f-bbad-48cf-8e33-6882ce8e5c04.png) Output: ``` user@pc1:~$ firejail --name=firefox1 firefox & [1] 8361 user@pc1:~$ Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/firefox-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 8361, child pid 8362 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Post-exec seccomp protector enabled Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Child process initialized in 78.76 ms ** (firefox:9): WARNING **: 14:46:29.227: Unable to connect to dbus: Could not connect: Permission denied (firefox:9): GLib-GIO-CRITICAL **: 14:46:29.316: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:29.316: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:29.316: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:30.267: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:30.267: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:30.267: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:31.238: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:31.238: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:31.238: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:31.937: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:31.937: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:9): GLib-GIO-CRITICAL **: 14:46:31.937: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed firejail --join=firefox1 firefox https://github.com Switching to pid 8362, the first child process inside the sandbox Child process initialized in 10.87 ms ** (firefox:468): WARNING **: 14:47:19.745: Unable to connect to dbus: Could not connect: Permission denied (firefox:468): GLib-GIO-CRITICAL **: 14:47:19.858: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:19.859: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:19.859: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:19.863: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:19.863: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:19.863: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:20.784: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:20.784: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed (firefox:468): GLib-GIO-CRITICAL **: 14:47:20.784: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed ###!!! [Child][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost ```
gitea-mirror commented 2026-05-05 09:24:30 -06:00
Author
Owner
Copy link

@Lonniebiz commented on GitHub (Nov 7, 2021):

Submitted to Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=1739919

<!-- gh-comment-id:962696002 --> @Lonniebiz commented on GitHub (Nov 7, 2021): Submitted to Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1739919
gitea-mirror commented 2026-05-05 09:24:31 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Nov 8, 2021):

@Lonniebiz commented on Nov 7:

firejail version 0.9.62

That version is old and potentially vulnerable to 3 CVEs; see:

Kubuntu 20.04

Firefox 94.0

There is more to the template than the environment section and I don't feel
like copy pasting parts of it here.

The generic advice would be to try commenting parts of the relevant profiles to
narrow down the issue.

Other than that, there are a few similar-looking issues that may be of help:

<!-- gh-comment-id:962760960 --> @kmk3 commented on GitHub (Nov 8, 2021): @Lonniebiz commented [on Nov 7](https://github.com/netblue30/firejail/issues/4670#issuecomment-962675191): > firejail version 0.9.62 That version is old and potentially vulnerable to 3 CVEs; see: * <https://github.com/netblue30/firejail/discussions/4663#discussioncomment-1592273> * #4666 > Kubuntu 20.04 > > Firefox 94.0 There is more to the template than the environment section and I don't feel like copy pasting parts of it here. The generic advice would be to try commenting parts of the relevant profiles to narrow down the issue. Other than that, there are a few similar-looking issues that may be of help: * #3471 * #3881 * #3919
gitea-mirror commented 2026-05-05 09:24:32 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Nov 8, 2021):

firejail version 0.9.62

Does firefox 64 use the (native) Wayland backend? (context #3290)

<!-- gh-comment-id:962881890 --> @rusty-snake commented on GitHub (Nov 8, 2021): > firejail version 0.9.62 Does firefox 64 use the (native) Wayland backend? (context #3290)
gitea-mirror commented 2026-05-05 09:24:33 -06:00
Author
Owner
Copy link

@RolKau commented on GitHub (Nov 9, 2021):

I had this exact problem using Firefox 94 under Ubuntu Focal 20.04. Firejail 0.9.62 is the version in the Ubuntu repository. Upgrading to Firejail 0.9.66 (through using the 'deki' PPA) seems to have fixed it.

<!-- gh-comment-id:963905630 --> @RolKau commented on GitHub (Nov 9, 2021): I had this exact problem using Firefox 94 under Ubuntu Focal 20.04. Firejail 0.9.62 is the version in the Ubuntu repository. Upgrading to Firejail 0.9.66 (through using the 'deki' PPA) seems to have fixed it.
gitea-mirror commented 2026-05-05 09:24:34 -06:00
Author
Owner
Copy link

@ibhagwan commented on GitHub (Nov 16, 2021):

I'm having a similar issue, Firefox 94.0 and firejail 0.9.66:

~ ❯ firejail --version
firejail version 0.9.66

Compile time support:
        - always force nonewprivs support is disabled
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - D-BUS proxy support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - firetunnel support is enabled
        - networking support is enabled
        - output logging is enabled
        - overlayfs support is disabled
        - private-home support is enabled
        - private-cache and tmpfs as user enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

~ ❯ firejail --join=firefox firefox --new-tab https://hover.com
Switching to pid 1511, the first child process inside the sandbox
Child process initialized in 6.71 ms
ATTENTION: default value of option mesa_glthread overridden by environment.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.

^C

Resulting in the below popup inside firefox:
screenshot-1637106556

<!-- gh-comment-id:970871866 --> @ibhagwan commented on GitHub (Nov 16, 2021): I'm having a similar issue, Firefox 94.0 and firejail 0.9.66: ```console ~ ❯ firejail --version firejail version 0.9.66 Compile time support: - always force nonewprivs support is disabled - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ~ ❯ firejail --join=firefox firefox --new-tab https://hover.com Switching to pid 1511, the first child process inside the sandbox Child process initialized in 6.71 ms ATTENTION: default value of option mesa_glthread overridden by environment. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. ^C ``` Resulting in the below popup inside firefox: ![screenshot-1637106556](https://user-images.githubusercontent.com/59988195/142084414-13081117-819c-49ab-a5cc-fb1cc56cad20.png)
gitea-mirror commented 2026-05-05 09:24:34 -06:00
Author
Owner
Copy link

@RolKau commented on GitHub (Nov 18, 2021):

@ibhagwan
Where do your Firejail profiles come from? For me, they are in a companion package named firejail-profiles that I also had to upgrade (if you are on a Debian-derivative system you can for instance see which version you have with a command like apt-cache policy $(dpkg -S /etc/firejail/firefox.profile | cut -d: -f1))

<!-- gh-comment-id:973108587 --> @RolKau commented on GitHub (Nov 18, 2021): @ibhagwan Where do your Firejail profiles come from? For me, they are in a companion package named `firejail-profiles` that I also had to upgrade (if you are on a Debian-derivative system you can for instance see which version you have with a command like `apt-cache policy $(dpkg -S /etc/firejail/firefox.profile | cut -d: -f1)`)
gitea-mirror commented 2026-05-05 09:24:35 -06:00
Author
Owner
Copy link

@ibhagwan commented on GitHub (Nov 18, 2021):

@ibhagwan Where do your Firejail profiles come from? For me, they are in a companion package named firejail-profiles that I also had to upgrade (if you are on a Debian-derivative system you can for instance see which version you have with a command like apt-cache policy $(dpkg -S /etc/firejail/firefox.profile | cut -d: -f1))

@RolKau, my profiles came with the default firejail package on void linux:

~ ❯ xbps-query -l | grep firejail
ii firejail-0.9.66_1                       SUID security sandbox program
~ ❯ xbps-query -f firejail  | grep firefox
/etc/firejail/firefox-beta.profile
/etc/firejail/firefox-common-addons.profile
/etc/firejail/firefox-common.profile
/etc/firejail/firefox-developer-edition.profile
/etc/firejail/firefox-esr.profile
/etc/firejail/firefox-nightly.profile
/etc/firejail/firefox-wayland.profile
/etc/firejail/firefox-x11.profile
/etc/firejail/firefox.profile
<!-- gh-comment-id:973146015 --> @ibhagwan commented on GitHub (Nov 18, 2021): > @ibhagwan Where do your Firejail profiles come from? For me, they are in a companion package named `firejail-profiles` that I also had to upgrade (if you are on a Debian-derivative system you can for instance see which version you have with a command like `apt-cache policy $(dpkg -S /etc/firejail/firefox.profile | cut -d: -f1)`) @RolKau, my profiles came with the default `firejail` package on void linux: ```sh ~ ❯ xbps-query -l | grep firejail ii firejail-0.9.66_1 SUID security sandbox program ~ ❯ xbps-query -f firejail | grep firefox /etc/firejail/firefox-beta.profile /etc/firejail/firefox-common-addons.profile /etc/firejail/firefox-common.profile /etc/firejail/firefox-developer-edition.profile /etc/firejail/firefox-esr.profile /etc/firejail/firefox-nightly.profile /etc/firejail/firefox-wayland.profile /etc/firejail/firefox-x11.profile /etc/firejail/firefox.profile ```
gitea-mirror commented 2026-05-05 09:24:36 -06:00
Author
Owner
Copy link

@RolKau commented on GitHub (Nov 19, 2021):

The profiles that are in the Void Linux repository are from this repository, and they match the ones that I have on my installation (from the 'deki' PPA) exactly, so that rules them out as the culprit.

<!-- gh-comment-id:973885642 --> @RolKau commented on GitHub (Nov 19, 2021): The profiles that are in the Void Linux repository are from this repository, and they match the ones that I have on my installation (from the 'deki' PPA) exactly, so that rules them out as the culprit.
gitea-mirror commented 2026-05-05 09:24:36 -06:00
Author
Owner
Copy link

@RolKau commented on GitHub (Nov 19, 2021):

The options and version from firejail --version are the same, except that my version has the option "SELinux support is enabled" whereas yours (@ibhagwan, that is) has "SELinux support is disabled". I am not qualified to say if that is relevant.

<!-- gh-comment-id:973889197 --> @RolKau commented on GitHub (Nov 19, 2021): The options and version from `firejail --version` are the same, *except* that my version has the option "SELinux support is enabled" whereas yours (@ibhagwan, that is) has "SELinux support is disabled". I am not qualified to say if that is relevant.
gitea-mirror commented 2026-05-05 09:24:37 -06:00
Author
Owner
Copy link

@Lonniebiz commented on GitHub (Dec 13, 2021):

Debian 11 Stable
firejail-profiles version 0.9.64.4-2

@RolKau I'm having the exact same problem again, now with LibreWolf.

<!-- gh-comment-id:992609969 --> @Lonniebiz commented on GitHub (Dec 13, 2021): Debian 11 Stable firejail-profiles version 0.9.64.4-2 @RolKau I'm having the exact same problem again, now with [LibreWolf](https://gitlab.com/librewolf-community/browser/appimage/-/releases).
gitea-mirror commented 2026-05-05 09:24:38 -06:00
Author
Owner
Copy link

@oo-san commented on GitHub (Dec 17, 2021):

You must be using an old firefox profile. I encountered the same erorr, but it works when using the firefox profile bundled with the latest release of firejail (0.9.66).

Adding ignore dbus-user none to an older profile also fixed this problem for me.

<!-- gh-comment-id:996363326 --> @oo-san commented on GitHub (Dec 17, 2021): You must be using an old firefox profile. I encountered the same erorr, but it works when using the firefox profile bundled with the latest release of firejail (0.9.66). Adding `ignore dbus-user none` to an older profile also fixed this problem for me.
gitea-mirror commented 2026-05-05 09:24:38 -06:00
Author
Owner
Copy link

@ibhagwan commented on GitHub (Dec 17, 2021):

You must be using an old firefox profile. I encountered the same erorr, but it works when using the firefox profile bundled with the latest release of firejail (0.9.66).

Adding ignore dbus-user none to an older profile also fixed this problem for me.

Unfortuntely that's not the case, I have firejail 0.9.66 and my firefox commands includes --dbus-user=none:

#!/bin/sh
GDK_DPI_SCALE=0.70 firejail --name=firefox --dbus-user=none --keep-config-pulse firefox
<!-- gh-comment-id:996452338 --> @ibhagwan commented on GitHub (Dec 17, 2021): > You must be using an old firefox profile. I encountered the same erorr, but it works when using the firefox profile bundled with the latest release of firejail (0.9.66). > > Adding `ignore dbus-user none` to an older profile also fixed this problem for me. Unfortuntely that's not the case, I have firejail 0.9.66 and my firefox commands includes `--dbus-user=none`: ```sh #!/bin/sh GDK_DPI_SCALE=0.70 firejail --name=firefox --dbus-user=none --keep-config-pulse firefox ```
gitea-mirror commented 2026-05-05 09:24:39 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Dec 17, 2021):

Unfortuntely that's not the case, I have firejail 0.9.66 and my firefox commands includes --dbus-user=none:
GDK_DPI_SCALE=0.70 firejail --name=firefox --dbus-user=none --keep-config-pulse firefox

@ibhagwan By using --dbus-user=none in a shell script or on the command line you are breaking the logic of our firefox profiles (aka @oo-san is correct). Let me explain. Firefox uses D-Bus to open URLs in a running instance (instead of starting a second one). Firejail takes this into account in two steps. To tighten the sandbox we first disallow access to both user and system bus by having dbus-user none and dbus-system none in firefox-common.profile. To keep things like URL processing working in a reasonable way we grant access only to a very limited and specific subset of options. Have a look inside your firefox.profile. Near the bottom you'll see:

[...]
dbus-user filter
dbus-user.own org.mozilla.Firefox.*
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
[...]
ignore dbus-user none

# Redirect
include firefox-common.profile

The first four lines define that we want to grant access to these specific adressess on the user bus only). The ignore dbus-user none just before the redirect is needed to compensate fully disabling all D-Bus access from inside the sandbox. I hope this clears things up a bit. What happens when you use the below in your shell script?

GDK_DPI_SCALE=0.70 firejail --name=firefox --keep-config-pulse firefox
<!-- gh-comment-id:996498586 --> @ghost commented on GitHub (Dec 17, 2021): > Unfortuntely that's not the case, I have firejail 0.9.66 and my firefox commands includes --dbus-user=none: GDK_DPI_SCALE=0.70 firejail --name=firefox --dbus-user=none --keep-config-pulse firefox @ibhagwan By using `--dbus-user=none` in a shell script or on the command line you are breaking the `logic` of our firefox profiles (aka @oo-san is correct). Let me explain. Firefox uses D-Bus to open URLs in a running instance (instead of starting a second one). Firejail takes this into account in two steps. To tighten the sandbox we first disallow access to both user and system bus by having `dbus-user none` and `dbus-system none` in firefox-common.profile. To keep things like URL processing working in a reasonable way we grant access only to a very limited and specific subset of options. Have a look inside your firefox.profile. Near the bottom you'll see: ``` [...] dbus-user filter dbus-user.own org.mozilla.Firefox.* dbus-user.own org.mozilla.firefox.* dbus-user.own org.mpris.MediaPlayer2.firefox.* [...] ignore dbus-user none # Redirect include firefox-common.profile ``` The first four lines define that we want to grant access to these specific adressess on the user bus only). The `ignore dbus-user none` just before the redirect is needed to compensate fully disabling all D-Bus access from inside the sandbox. I hope this clears things up a bit. What happens when you use the below in your shell script? ``` GDK_DPI_SCALE=0.70 firejail --name=firefox --keep-config-pulse firefox ```
gitea-mirror commented 2026-05-05 09:24:39 -06:00
Author
Owner
Copy link

@ibhagwan commented on GitHub (Dec 17, 2021):

@glitsj16 tysm for the explnation, it does help clear things up a bit.

I just tried running without the --dbus-user=none and then ran the following command:

~ ❯ firejail --join=firefox firefox --new-tab https://hover.com
Switching to pid 1980, the first child process inside the sandbox
Child process initialized in 7.21 ms
ATTENTION: default value of option mesa_glthread overridden by environment.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory.
^C

And this is what I get inside firefox (basically same result):
screenshot-1639727921

<!-- gh-comment-id:996513738 --> @ibhagwan commented on GitHub (Dec 17, 2021): @glitsj16 tysm for the explnation, it does help clear things up a bit. I just tried running without the `--dbus-user=none` and then ran the following command: ```console ~ ❯ firejail --join=firefox firefox --new-tab https://hover.com Switching to pid 1980, the first child process inside the sandbox Child process initialized in 7.21 ms ATTENTION: default value of option mesa_glthread overridden by environment. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. JavaScript error: resource://gre/modules/XULStore.jsm, line 66: Error: Can't find profile directory. ^C ``` And this is what I get inside firefox (basically same result): ![screenshot-1639727921](https://user-images.githubusercontent.com/59988195/146510266-208b866b-2864-4c7f-8422-f82c666d7188.png)
gitea-mirror commented 2026-05-05 09:24:39 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Dec 18, 2021):

@ibhagwan I don't have a straightforward do-this-and-it-will-work answer to your issue at the moment. IMO your firejail profiles are fine and you should keep avoiding --dbus-user=none as explained above. Two remarks for further consideration.

  • The consecutive Error: Can't find profile directory messages are a bit unusual (at least to me). I assume your Firefox profile(s) setup is something you've already checked, but to rule this out you could do a quick test with a clean FF copy.
  • Something we haven't touched upon is your desktop environment. I'm specifically interested to know if you happen to use a mixed X11/Wayland setup. If so, you can try adding MOZ_DBUS_REMOTE=1 to the mix. See this short but very informative page from Firefox Guru Martin Stransky's blog. Either add --env=MOZ_DBUS_REMOTE=1 on the command line/in your shell script or set env MOZ_DBUS_REMOTE=1 in a firefox.local override file. Shouldn't take long to see if that does anything positive.
<!-- gh-comment-id:997160123 --> @ghost commented on GitHub (Dec 18, 2021): @ibhagwan I don't have a straightforward do-this-and-it-will-work answer to your issue at the moment. IMO your firejail profiles are fine and you should keep avoiding --dbus-user=none as explained above. Two remarks for further consideration. - The consecutive `Error: Can't find profile directory` messages are a bit unusual (at least to me). I assume your Firefox profile(s) setup is something you've already checked, but to rule this out you could do a quick test with a clean FF copy. - Something we haven't touched upon is your desktop environment. I'm specifically interested to know if you happen to use a mixed X11/Wayland setup. If so, you can try adding `MOZ_DBUS_REMOTE=1` to the mix. See [this](https://mastransky.wordpress.com/2020/03/16/wayland-x11-how-to-run-firefox-in-mixed-environment/) short but very informative page from Firefox Guru Martin Stransky's blog. Either add `--env=MOZ_DBUS_REMOTE=1` on the command line/in your shell script or set `env MOZ_DBUS_REMOTE=1` in a firefox.local override file. Shouldn't take long to see if that does anything positive.
gitea-mirror commented 2026-05-05 09:24:40 -06:00
Author
Owner
Copy link

@ibhagwan commented on GitHub (Dec 18, 2021):

The consecutive Error: Can't find profile directory messages are a bit unusual (at least to me). I assume your Firefox profile(s) setup is something you've already checked, but to rule this out you could do a quick test with a clean FF copy.

I will try that.

Something we haven't touched upon is your desktop environment. I'm specifically interested to know if you happen to use a mixed X11/Wayland setup. If so, you can try adding MOZ_DBUS_REMOTE=1 to the mix. See this short but very informative page from Firefox Guru Martin Stransky's blog. Either add --env=MOZ_DBUS_REMOTE=1 on the command line/in your shell script or set env MOZ_DBUS_REMOTE=1 in a firefox.local override file. Shouldn't take long to see if that does anything positive.

Not using wayland, X11/AwesomeWM straight forward setup.

It's worth noting the same setup worked for a long time and then one day stopped working, I can't pinpoint whether it was a firefox update or firejail update that caused this, since then I switched my xdg-open config to open in ungoogled-chromium instead which is also firejailed and works fine.

<!-- gh-comment-id:997160886 --> @ibhagwan commented on GitHub (Dec 18, 2021): >The consecutive Error: Can't find profile directory messages are a bit unusual (at least to me). I assume your Firefox profile(s) setup is something you've already checked, but to rule this out you could do a quick test with a clean FF copy. I will try that. >Something we haven't touched upon is your desktop environment. I'm specifically interested to know if you happen to use a mixed X11/Wayland setup. If so, you can try adding MOZ_DBUS_REMOTE=1 to the mix. See this short but very informative page from Firefox Guru Martin Stransky's blog. Either add --env=MOZ_DBUS_REMOTE=1 on the command line/in your shell script or set env MOZ_DBUS_REMOTE=1 in a firefox.local override file. Shouldn't take long to see if that does anything positive. Not using wayland, X11/AwesomeWM straight forward setup. It's worth noting the same setup worked for a long time and then one day stopped working, I can't pinpoint whether it was a firefox update or firejail update that caused this, since then I switched my `xdg-open` config to open in ungoogled-chromium instead which is also firejailed and works fine.
gitea-mirror commented 2026-05-05 09:24:40 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Dec 18, 2021):

@ibhagwan Thanks for informing us on your specific setup. I do recognize what you describe. The feeling of noticing something broke and not being able to pinpoint stuff. Been there many times, and it keeps happening, no matter how many things one keeps logs of :-). If no one tunes in here with the 'magic bullet' fix and you'd like to return to Firefox in your xdg-open, you could check if firejail-handler-http suits your needs. I wrote these shell scripts specifically to run Firefox in a firejail sandbox with full blocking of D-Bus before we integrated xdg-dbus-proxy into Firejail. They still work okay, if one can live with the usability/workflow impact...

<!-- gh-comment-id:997168396 --> @ghost commented on GitHub (Dec 18, 2021): @ibhagwan Thanks for informing us on your specific setup. I do recognize what you describe. The feeling of noticing something broke and not being able to pinpoint stuff. Been there many times, and it keeps happening, no matter how many things one keeps logs of :-). If no one tunes in here with the 'magic bullet' fix and you'd like to return to Firefox in your xdg-open, you could check if [firejail-handler-http](https://github.com/glitsj16/firejail-handler-http) suits your needs. I wrote these shell scripts specifically to run Firefox in a firejail sandbox with `full blocking of D-Bus` before we integrated xdg-dbus-proxy into Firejail. They still work okay, if one can live with the usability/workflow impact...
gitea-mirror commented 2026-05-05 09:24:41 -06:00
Author
Owner
Copy link

@Lonniebiz commented on GitHub (Dec 18, 2021):

Firejail, please fix this same issue as it pertains to the LibreWolf version 95 AppImage also.

<!-- gh-comment-id:997221421 --> @Lonniebiz commented on GitHub (Dec 18, 2021): Firejail, please fix this same issue as it pertains to the [LibreWolf version 95 AppImage](https://gitlab.com/librewolf-community/browser/appimage/-/releases) also.
gitea-mirror commented 2026-05-05 09:24:42 -06:00
Author
Owner
Copy link

@cockytrumpet commented on GitHub (Dec 30, 2021):

So, I'm not typing these commands in directly, it is a python script within autokey that is sending the commands to the terminal. That script is only two lines:

import os
os.system("firejail firefox https://github.com/ &")

However, for the test you've requested, I'm going to copy and pasted those lines (one at a time) directly into the terminal:

firejail --name=firefox1 firefox
firejail --join=firefox1 firefox https://github.com &

Result: The first line launched the browser like normal. However, when I entered the second command, I got this error:

Firefox is already running, but is not responding. To use Firefox, you must first close the

does it work if you change your script to

firejail --join=firefox1 firefox --new-tab some-web-site &

I think I'm getting the behavior you are looking for. I don't know how to set this up in KDE, but maybe you can translate my gnome setup to your use.

~/.local/share/applications/Firejail-Firefox.desktop

[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Icon=/home/username/Pictures/firejailed_firefox128.png
Exec=/home/username/bin/firefox.sh %u
Name=X11-Firejailed Firefox
Comment=X11-Firejailed Firefox
StartupWMClass=Xephyr
Terminal=false
MimeType=application/pdf;application/vnd.mozilla.xul+xml;application/xhtml+xml;text/html;text/mml;text/xml;x-scheme-handler/ftp;x-scheme-handler/http;x-scheme-handler/https;
StartupNotify=true
Categories=Network;WebBrowser;
Keywords=web;browser;internet;

~/bin/firefox.sh

#!/bin/sh

no_jail=$(firejail --list | grep "name=firefox")

if $no_jail; then
	/usr/bin/firejail --x11=xephyr --name=firefox --net=br10 --profile=/etc/firejail/firefox.profile openbox --startup "/usr/lib64/firefox/firefox $1"&
	sleep 5
	/usr/bin/firejail --join=firefox xmodmap -e 'keycode 64 = VoidSymbol VoidSymbol'
else
	/usr/bin/firejail --join=firefox /usr/lib64/firefox/firefox --new-tab $1
fi

Set Firejail-Firefox as the default application. xdg-open and right clicking a link in the terminal both work.

<!-- gh-comment-id:1003153934 --> @cockytrumpet commented on GitHub (Dec 30, 2021): > So, I'm not typing these commands in directly, it is a python script within autokey that is sending the commands to the terminal. That script is only two lines: > > ``` > import os > os.system("firejail firefox https://github.com/ &") > ``` > > However, for the test you've requested, I'm going to copy and pasted those lines (one at a time) directly into the terminal: > > ``` > firejail --name=firefox1 firefox > firejail --join=firefox1 firefox https://github.com & > ``` > > **Result:** The first line launched the browser like normal. However, when I entered the second command, I got this error: > > > Firefox is already running, but is not responding. To use Firefox, you must first close the does it work if you change your script to ``` firejail --join=firefox1 firefox --new-tab some-web-site & ``` I think I'm getting the behavior you are looking for. I don't know how to set this up in KDE, but maybe you can translate my gnome setup to your use. ### ~/.local/share/applications/Firejail-Firefox.desktop ``` [Desktop Entry] Encoding=UTF-8 Version=1.0 Type=Application Icon=/home/username/Pictures/firejailed_firefox128.png Exec=/home/username/bin/firefox.sh %u Name=X11-Firejailed Firefox Comment=X11-Firejailed Firefox StartupWMClass=Xephyr Terminal=false MimeType=application/pdf;application/vnd.mozilla.xul+xml;application/xhtml+xml;text/html;text/mml;text/xml;x-scheme-handler/ftp;x-scheme-handler/http;x-scheme-handler/https; StartupNotify=true Categories=Network;WebBrowser; Keywords=web;browser;internet; ``` ### ~/bin/firefox.sh ``` #!/bin/sh no_jail=$(firejail --list | grep "name=firefox") if $no_jail; then /usr/bin/firejail --x11=xephyr --name=firefox --net=br10 --profile=/etc/firejail/firefox.profile openbox --startup "/usr/lib64/firefox/firefox $1"& sleep 5 /usr/bin/firejail --join=firefox xmodmap -e 'keycode 64 = VoidSymbol VoidSymbol' else /usr/bin/firejail --join=firefox /usr/lib64/firefox/firefox --new-tab $1 fi ``` Set Firejail-Firefox as the default application. xdg-open and right clicking a link in the terminal both work.
gitea-mirror commented 2026-05-05 09:24:43 -06:00
Author
Owner
Copy link

@Druco commented on GitHub (Jan 13, 2022):

---------- EDITTED --------:

Sorry about being an idiot, but I forgot that I had made a custom profile for Thunderbird that added the following lines:

# Needed to use kdocker

dbus-user filter
dbus-user.own org.kde.StatusNotifierWatcher
dbus-user.talk org.freedesktop.Notifications

With the "dbus-user filter" line commented out, it works with FF95. Even so, it did work with FF93 even with these lines included, so something did happen between FF93 and FF95.

---------- END EDIT ----------

I am adding this here rather than opening a new bug report because I think it is pretty clearly the same problem.

Description

Attempting to open a URL in Firefox 95 from a link in an email message in Thunderbird causes the same error message as described above (Firefox is already running, but is not responding...) when Firefox and Thunderbird are in sand boxes. Running the identical setup with Firefox 93 works properly so something has changed between FF93 and FF95.

Steps to reproduce

  1. firejail firefox
  2. firejail thunderbird
  3. In a message in thunderbird, click on a URL to open

Expected behavior

The link opens in the existing firefox instance

Actual behavior

Error message stating "Firefox is already running, but is not responding..."

Environment

OpenSuse Tumbleweed 20220109
Firejail 0.9.66
Firefox 95.02
Thunderbird 91.4.1

Behavior without a profile

Starting Firefox without a profile does not fix the problem, however starting Thunderbird without a profile does. As noted above however, if using Firefox 93 rather than Firefox 95 and the same Thunderbird, both with the same firejail profiles, everything works properly.

Checklist

  • The issue is caused by firejail (sort of, in that FF93 works but FF95 does not, but it definitely works without firejail)
  • I can reproduce this without custom modifications
  • Both Firefox and Thunderbird have profiles
  • I (obviously) performed a short search to see if there are similar issues

Notes

  • I updated directly from Firefox 93 to 95 so I never tested FF 94.
  • Almost certainly this is caused by the same issue as the original bug but it seems to me that it is a more common use case and may start affecting more people as they update to the newer Firefox.
  • Attached are dbus-monitor files for a case with FF93 and FF95 if that helps.

sendToFirefox95FromFirejail.txt
sendToFirefox93FromFirejail.txt

<!-- gh-comment-id:1011841527 --> @Druco commented on GitHub (Jan 13, 2022): #### ---------- EDITTED --------: Sorry about being an idiot, but I forgot that I had made a custom profile for Thunderbird that added the following lines: ``` # Needed to use kdocker dbus-user filter dbus-user.own org.kde.StatusNotifierWatcher dbus-user.talk org.freedesktop.Notifications ``` With the "dbus-user filter" line commented out, it works with FF95. Even so, it did work with FF93 even with these lines included, so something did happen between FF93 and FF95. #### ---------- END EDIT ---------- I am adding this here rather than opening a new bug report because I think it is pretty clearly the same problem. ### Description Attempting to open a URL in Firefox 95 from a link in an email message in Thunderbird causes the same error message as described above (Firefox is already running, but is not responding...) when Firefox and Thunderbird are in sand boxes. Running the identical setup with Firefox 93 works properly so something has changed between FF93 and FF95. ### Steps to reproduce 1) firejail firefox 2) firejail thunderbird 3) In a message in thunderbird, click on a URL to open ### Expected behavior The link opens in the existing firefox instance ### Actual behavior Error message stating "Firefox is already running, but is not responding..." ### Environment OpenSuse Tumbleweed 20220109 Firejail 0.9.66 Firefox 95.02 Thunderbird 91.4.1 ### Behavior without a profile Starting Firefox without a profile does not fix the problem, however starting Thunderbird without a profile does. As noted above however, if using Firefox 93 rather than Firefox 95 and the same Thunderbird, both with the same firejail profiles, everything works properly. ### Checklist - [x] The issue is caused by firejail (sort of, in that FF93 works but FF95 does not, but it definitely works without firejail) - [x] I can reproduce this without custom modifications - [x] Both Firefox and Thunderbird have profiles - [x] I (obviously) performed a short search to see if there are similar issues ### Notes - I updated directly from Firefox 93 to 95 so I never tested FF 94. - Almost certainly this is caused by the same issue as the original bug but it seems to me that it is a more common use case and may start affecting more people as they update to the newer Firefox. - Attached are dbus-monitor files for a case with FF93 and FF95 if that helps. [sendToFirefox95FromFirejail.txt](https://github.com/netblue30/firejail/files/7860489/sendToFirefox95FromFirejail.txt) [sendToFirefox93FromFirejail.txt](https://github.com/netblue30/firejail/files/7860491/sendToFirefox93FromFirejail.txt)
gitea-mirror commented 2026-05-05 09:24:43 -06:00
Author
Owner
Copy link

@Druco commented on GitHub (Jan 14, 2022):

As a followup to my above comment, I have found a "fix"/kludge that works at least for now in my setup. Using wireshark to monitor the dbus when firefox and thunderbird were started both with and without firejail, I discovered that when a link was being opened from thunderbird it makes an OpenURL() call with a destination of "org.mozilla.firefox.ZGVmYXVsdA__" so I tried putting:
dbus-user.talk org.mozilla.firefox.ZGVmYXVsdA__
in my local firejail/thunderbird.profile and it worked with firejail.

Now I have no idea where the "ZGVmYXVsdA__" comes from, if it will remain constant across upgrades, or would be different for another user/machine, but for now it works.

I also did a wireshark monitor when using FF 93 (which works without the kludge) and I didn't find this call being made. In fact, I have no idea how FF 93 even got the URL it opened because I couldn't find it in any of the dbus messages in that case. So there was definitely a change between FF 93 and FF 95.

Hopefully this might give a hint to anyone who has a similar problem and more knowledge of dbus messaging than I do.

<!-- gh-comment-id:1012792545 --> @Druco commented on GitHub (Jan 14, 2022): As a followup to my above comment, I have found a "fix"/kludge that works at least for now in my setup. Using wireshark to monitor the dbus when firefox and thunderbird were started both with and without firejail, I discovered that when a link was being opened from thunderbird it makes an OpenURL() call with a destination of "org.mozilla.firefox.ZGVmYXVsdA__" so I tried putting: `dbus-user.talk org.mozilla.firefox.ZGVmYXVsdA__` in my local firejail/thunderbird.profile and it worked with firejail. Now I have no idea where the "ZGVmYXVsdA__" comes from, if it will remain constant across upgrades, or would be different for another user/machine, but for now it works. I also did a wireshark monitor when using FF 93 (which works without the kludge) and I didn't find this call being made. In fact, I have no idea how FF 93 even got the URL it opened because I couldn't find it in any of the dbus messages in that case. So there was definitely a change between FF 93 and FF 95. Hopefully this might give a hint to anyone who has a similar problem and more knowledge of dbus messaging than I do.
gitea-mirror commented 2026-05-05 09:24:43 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jan 14, 2022):

dbus-user.talk org.mozilla.firefox.ZGVmYXVsdA__
Now I have no idea where the "ZGVmYXVsdA__" comes from, if it will remain constant across upgrades, or would be different for another user/machine, but for now it works.

You can use globbing to make things persistent:
dbus-user.talk org.mozilla.firefox.*

<!-- gh-comment-id:1012808199 --> @ghost commented on GitHub (Jan 14, 2022): > dbus-user.talk org.mozilla.firefox.ZGVmYXVsdA__ Now I have no idea where the "ZGVmYXVsdA__" comes from, if it will remain constant across upgrades, or would be different for another user/machine, but for now it works. You can use globbing to make things persistent: ` dbus-user.talk org.mozilla.firefox.*`
gitea-mirror commented 2026-05-05 09:24:44 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 14, 2022):

dbus-user.talk org.mozilla.firefox.ZGVmYXVsdA__
in my local firejail/thunderbird.profile and it worked with firejail.

Did you set dbus-user filter? Or where does it come from?

  • I can reproduce this without custom modifications

EDIT: just saw your edit above.

Now I have no idea where the "ZGVmYXVsdA__" comes from, if it will remain constant across upgrades, or would be different for another user/machine, but for now it works.

It's the hash of your profile (and possible firefox installation).

In fact, I have no idea how FF 93 even got the URL it opened because I couldn't find it in any of the dbus messages in that case.

System-V-IPC / X11-Magic

so something did happen between FF93 and FF95.

Traditionally FF used System-V-IPC/X11-Magic for it's IPC but this does not work with Wayland (MOZ_ENABLE_WAYLAND=1), that's why mozilla implemented an D-Bus based backed for FF's IPC (the are more backend like for windows). Maybe they cleand up the old code and now use always D-Bus.

<!-- gh-comment-id:1012916295 --> @rusty-snake commented on GitHub (Jan 14, 2022): > dbus-user.talk org.mozilla.firefox.ZGVmYXVsdA__ in my local firejail/thunderbird.profile and it worked with firejail. Did you set `dbus-user filter`? Or where does it come from? > > - [x] I can reproduce this without custom modifications EDIT: just saw your edit above. > Now I have no idea where the "ZGVmYXVsdA__" comes from, if it will remain constant across upgrades, or would be different for another user/machine, but for now it works. It's the hash of your profile (and possible firefox installation). > In fact, I have no idea how FF 93 even got the URL it opened because I couldn't find it in any of the dbus messages in that case. System-V-IPC / X11-Magic > so something did happen between FF93 and FF95. Traditionally FF used System-V-IPC/X11-Magic for it's IPC but this does not work with Wayland (`MOZ_ENABLE_WAYLAND=1`), that's why mozilla implemented an D-Bus based backed for FF's IPC (the are more backend like for windows). Maybe they cleand up the old code and now use always D-Bus.
gitea-mirror commented 2026-05-05 09:24:44 -06:00
Author
Owner
Copy link

@Lonniebiz commented on GitHub (Feb 2, 2022):

@RolKau If you have time, please take a look at this related issue.

<!-- gh-comment-id:1028204713 --> @Lonniebiz commented on GitHub (Feb 2, 2022): @RolKau If you have time, please take a look at this [related issue](https://github.com/netblue30/firejail/issues/4891).
gitea-mirror commented 2026-05-05 09:24:45 -06:00
Author
Owner
Copy link

@ibhagwan commented on GitHub (Feb 2, 2022):

Not really sure why the old versions of firefox were able to open links properly even with --dbus-user=none but after the explantion from @glitsj16 I started exploring the dbus angle and after reading #3769 I was able to solve this by removing --dbus-user=none and making sure that I have $DBUS_SESSION_BUS_ADDRESS properly set.

My dbus socket was located in ~/.dbus/session-bus/LONG-ID but I had two files there named <ID>-0 and <ID>-1 (0 being the correct session file) so I added the below to my firefox firejail starting script and now I can open links again in FF:

#!/bin/sh
. `ls ~/.dbus/session-bus/*-0`
export DBUS_SESSION_BUS_ADDRESS
GDK_DPI_SCALE=0.70 firejail --name=firefox --keep-config-pulse firefox
<!-- gh-comment-id:1028385519 --> @ibhagwan commented on GitHub (Feb 2, 2022): Not really sure why the old versions of firefox were able to open links properly even with `--dbus-user=none` but after the explantion from @glitsj16 I started exploring the dbus angle and after reading #3769 I was able to solve this by removing `--dbus-user=none` and making sure that I have `$DBUS_SESSION_BUS_ADDRESS` properly set. My dbus socket was located in `~/.dbus/session-bus/LONG-ID` but I had two files there named `<ID>-0` and `<ID>-1` (`0` being the correct session file) so I added the below to my firefox firejail starting script and now I can open links again in FF: ```sh #!/bin/sh . `ls ~/.dbus/session-bus/*-0` export DBUS_SESSION_BUS_ADDRESS GDK_DPI_SCALE=0.70 firejail --name=firefox --keep-config-pulse firefox ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2744
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?