DATE CHECKED THIS PAGE WAS VALID: 30/08/2023
As we are running a testing version of Debian, it is crucial to take extra precautions in protecting the box against malicious vectors.
Unfortunately the web browser is one of the best ways to be compromised, and to ensure that we protect a testing box, we will move to a sandboxed environment with strict containment (snapd) of Firefox esr. While some people have misgivings about snap, it is a better security model and we will take advantage of that here as we are using testing as a daily driver.
So in Debian lets open a terminal and type:
(Note: If you have a firefox profile you have been using you will need to back that up or you will lose all your tabs/saved passwords etc if you dont make a copy first.)
sudo apt-get purge firefox-esr
You will note that if you read the output Debian must have a web browser installed as part of its apt requirements (untrue on debian 12?) so it will suggest chromium instead of Firefox. We will accept this recommendation and just press y. We want a sandboxed version of Firefox for daily use and will keep chromium as a backup browser in case we need it.
If it does not ask to install another browser you can do it by:
sudo apt-get install chromium
Now we need to install snaps:
sudo apt-get autoremove
sudo apt-get install snapd
sudo apt-get install gnome-software-plugin-snap
sudo systemctl list-unit-files | grep snap
sudo systemctl start snapd.service
sudo snap search firefox
sudo snap info firefox
sudo snap install firefox --channel=esr/stable
sudo reboot
(Reboot is done or snap doesn't seem to initialize properly and add firefox to your list of apps in the activities menu. I did take a quick look for a service that needed started but wasn't able to see one really quickly so just moved on. Everything works as expected after the reboot anyway but feel free to poke around a bit more if you want to try avoid rebooting. Most likely something isn't initialized right after install of snapd.)
Firefox is now working as the ESR snap on Debian also :)
=== Notes ===
Notes: