Mozilla Now Offers an Official Firefox RPM Package for RPM-Based Linux Distros - 9to5Linux
9to5linux.com
Mozilla announces a dedicated RPM package for Firefox users of RPM-based distributions who want to install Firefox as a native RPM package.

Mozilla announced today in a blog post that it is now offering an RPM package of the Firefox open-source web browser for RPM-based GNU/Linux distributions, with an initial focus on the Firefox Nightly releases.

Mozilla already provided a DEB binary package for Debian-based systems, so they’re now offering the same native package installation of Firefox for RPM-based systems, making it a lot easier for users of RPM-based distributions to update their Firefox installations to the latest version on the day of the release.

Using the RPM package over the official binary package offers some benefits, such as better performance due to advanced compiler-based optimizations, hardened binaries with all security flags enabled, access to the latest Firefox releases as fast as possible, and you won’t have to create your own .desktop file anymore

    • N.E.P.T.R@lemmy.blahaj.zoneEnglish
      1·
      2 days ago

      The Firefox Flatpak has much weaker isolation because the Flatpak sandbox interferes with the browser sandbox. This means a malicious site can compromise other sites and even the whole browser with a single exploit instead of the two normally required (which is a significant degradation in protection). The specific part blocked by Flatpak is user namespace sandboxing by Firefox. If you can help it, DO NOT install as Flatpak. Snap does not have this problem, but nobody likes Snap. Chromium has a similar problem as a Flatpak.

      • Die4Ever@retrolemmy.comEnglish
        1·
        2 days ago

        Is this because everything runs as root inside Flatpak? Wouldn’t it be possible to run as non-root inside Flatpak?

        • N.E.P.T.R@lemmy.blahaj.zoneEnglish
          2·
          2 days ago

          No, nothing runs as root in a Flatpak. The problem is that Flatpak stops apps from using unprivileged user namespaces, which is used by all modern browsers to isolate web contents. Because the browser (Firefox) can’t use namespaces, a malicious website can use a single exploit instead of needing to chain two separate exploits, making it significantly more likely to break the sandbox.

      • msage@programming.dev
        11·
        2 days ago

        Nobody likes snaps because Canonical is exactly like Microsoft: the only thing they could make that wouldn’t suck would be vacuums.