X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwavalwa lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

How to make Firefox Quantum compatible to low integrity level? [very effectice way to prevent malware]

Kuphostiwe

Hi,

in pre Quantum versions, you could make your Firefox safe against malware with a simple trick. It was little known but very effective because it uses Windows tools to limit Firefox abilities to write or modify files. We use the Windows program icacls to limit write access to a selected set of subfolders. Here is how it worked:

icacls "C:\Program Files\Mozilla Firefox\firefox.exe" /setintegritylevel low
icacls "C:\Program Files\Mozilla Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Temp" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Mozilla\updates" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Roaming\Mozilla\Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Mozilla\Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\LocalLow\Mozilla" /setintegritylevel (oi)(ci)low
icacls "[...]\Downloads" /setintegritylevel (oi)(ci)low
icacls "[...]\Firefox Profile" /setintegritylevel (oi)(ci)low

Then I updated to Quantum and now this seems to not work anymore. After I secured Firefox in this way and started Firefox, Firefox then doesn't show any websites (just grey area), no popups etc. The whole Firefox UI seems to be broken.

Does anyone know how to fix this? For example, are there additional folders I need to give access to? Or is this not possible in post Quantum Firefox because of this new process architecture etc.?

Hi, in pre Quantum versions, you could make your Firefox safe against malware with a simple trick. It was little known but very effective because it uses Windows tools to limit Firefox abilities to write or modify files. We use the Windows program icacls to limit write access to a selected set of subfolders. Here is how it worked: icacls "C:\Program Files\Mozilla Firefox\firefox.exe" /setintegritylevel low <br/> icacls "C:\Program Files\Mozilla Firefox" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Local\Temp" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Local\Mozilla\updates" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Roaming\Mozilla\Firefox" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Local\Mozilla\Firefox" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\LocalLow\Mozilla" /setintegritylevel (oi)(ci)low <br/> icacls "[...]\Downloads" /setintegritylevel (oi)(ci)low <br/> icacls "[...]\Firefox Profile" /setintegritylevel (oi)(ci)low <br/> Then I updated to Quantum and now this seems to not work anymore. After I secured Firefox in this way and started Firefox, Firefox then doesn't show any websites (just grey area), no popups etc. The whole Firefox UI seems to be broken. Does anyone know how to fix this? For example, are there additional folders I need to give access to? Or is this not possible in post Quantum Firefox because of this new process architecture etc.?

Okulungisiwe ngu mario67

Isisombululo esikhethiwe

I found this here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433065 which is highly related.

So there are indeed some architectural changes that prevent low integtrity level mode from working properly. I think this is too technical now for this forum. Here seems to be the place for people who don't know the basics and ask questions like "How do I download a file" or similar. But for real technical discussions I have to go somewhere else it seems. I will mark this as closed / solved and move the discussion to bugzilla.

@FredMcD: I think people can google that themselve.

Funda le mpendulo ngokuhambisana nalesi sihloko 0
FredMcD
  • Top 10 Contributor
4224 izisombululo 58969 izimpendulo
Kuphostiwe

https://www.computerhope.com/icacls.htm Windows command line icacls command help

https://www.computerhope.com/icacls.htm Windows command line icacls command help

Umnikazi wombuzo

FredMcD said

https://www.computerhope.com/icacls.htm Windows command line icacls command help

So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found. I didn't ask how to use icacls, if you really understood my question you would realize that I aready know how to use this, I even successfully applied it to a previous version of Firefox. But newer versions of Firefox seem to not be compatible to this low integrity level, or at least in the way I use it.

''FredMcD [[#answer-1118637|said]]'' <blockquote> https://www.computerhope.com/icacls.htm Windows command line icacls command help </blockquote> So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found. I didn't ask how to use icacls, if you really understood my question you would realize that I aready know how to use this, I even successfully applied it to a previous version of Firefox. But newer versions of Firefox seem to not be compatible to this low integrity level, or at least in the way I use it.
WestEnd
  • Top 25 Contributor
62 izisombululo 5373 izimpendulo
Kuphostiwe

@mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections.

@mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections.

Umnikazi wombuzo

WestEnd said

@mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections.

This is not about how I got malware, but about how I never got any malware because I knew how to prevent that. And now I am asking a simple technical question about Firefox Quantum and Windows low integrity level. Can you answer that question? If yes, you are welcome. Otherwise, please shut up and stop spreading bad words and false informations. Your post is so wrong. Ever heard of drive-by-infection? Security holes? And AV-Software is typically too slow to react to new threads.

''WestEnd [[#answer-1118643|said]]'' <blockquote> @mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections. </blockquote> This is not about how I got malware, but about how I never got any malware because I knew how to prevent that. And now I am asking a simple technical question about Firefox Quantum and Windows low integrity level. Can you answer that question? If yes, you are welcome. Otherwise, please shut up and stop spreading bad words and false informations. Your post is so wrong. Ever heard of drive-by-infection? Security holes? And AV-Software is typically too slow to react to new threads.

Okulungisiwe ngu mario67

FredMcD
  • Top 10 Contributor
4224 izisombululo 58969 izimpendulo
Kuphostiwe

mario67 said

So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found

No. I got that by helping users find solutions. Since most don't know about the icacls command, I posted a link so they can learn about it.

I also call the Big Guys (those with more solutions then I).

''mario67 [[#answer-1118642|said]]'' <blockquote> So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found </blockquote> No. I got that by helping users find solutions. Since most don't know about the icacls command, I posted a link so they can learn about it. I also call the Big Guys (those with more solutions then I).

Isisombululo Esikhethiwe

I found this here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433065 which is highly related.

So there are indeed some architectural changes that prevent low integtrity level mode from working properly. I think this is too technical now for this forum. Here seems to be the place for people who don't know the basics and ask questions like "How do I download a file" or similar. But for real technical discussions I have to go somewhere else it seems. I will mark this as closed / solved and move the discussion to bugzilla.

@FredMcD: I think people can google that themselve.

I found this here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433065 which is highly related. So there are indeed some architectural changes that prevent low integtrity level mode from working properly. I think this is too technical now for this forum. Here seems to be the place for people who don't know the basics and ask questions like "How do I download a file" or similar. But for real technical discussions I have to go somewhere else it seems. I will mark this as closed / solved and move the discussion to bugzilla. @FredMcD: I think people can google that themselve.
Chris Ilias
  • Moderator
353 izisombululo 1941 izimpendulo
Kuphostiwe

I'm glad you found your answer, Mario. :)

Because this thread is solved, and the replies seem to be just arguments, rather than attempts to help, I'm going to lock it.

If your goal is to lock down Firefox, there may be changes that help achieve that in the form of sandboxing - see https://wiki.mozilla.org/Security/Sandbox

If you have any further issues, and you find you're not getting help, just PM the URL.

I'm glad you found your answer, Mario. :) Because this thread is solved, and the replies seem to be just arguments, rather than attempts to help, I'm going to lock it. If your goal is to lock down Firefox, there may be changes that help achieve that in the form of sandboxing - see https://wiki.mozilla.org/Security/Sandbox If you have any further issues, and you find you're not getting help, just PM the URL.