How to make Firefox Quantum compatible to low integrity level? [very effectice way to prevent malware]
Hi,
in pre Quantum versions, you could make your Firefox safe against malware with a simple trick. It was little known but very effective because it uses Windows tools to limit Firefox abilities to write or modify files. We use the Windows program icacls to limit write access to a selected set of subfolders. Here is how it worked:
icacls "C:\Program Files\Mozilla Firefox\firefox.exe" /setintegritylevel low
icacls "C:\Program Files\Mozilla Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Temp" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Mozilla\updates" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Roaming\Mozilla\Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Mozilla\Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\LocalLow\Mozilla" /setintegritylevel (oi)(ci)low
icacls "[...]\Downloads" /setintegritylevel (oi)(ci)low
icacls "[...]\Firefox Profile" /setintegritylevel (oi)(ci)low
Then I updated to Quantum and now this seems to not work anymore. After I secured Firefox in this way and started Firefox, Firefox then doesn't show any websites (just grey area), no popups etc. The whole Firefox UI seems to be broken.
Does anyone know how to fix this? For example, are there additional folders I need to give access to? Or is this not possible in post Quantum Firefox because of this new process architecture etc.?
Izmjenjeno
Izabrano rješenje
I found this here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433065 which is highly related.
So there are indeed some architectural changes that prevent low integtrity level mode from working properly. I think this is too technical now for this forum. Here seems to be the place for people who don't know the basics and ask questions like "How do I download a file" or similar. But for real technical discussions I have to go somewhere else it seems. I will mark this as closed / solved and move the discussion to bugzilla.
@FredMcD: I think people can google that themselve.
Pročitaj ovaj odgovor u kontekstu 👍 0Svi odgovori (7)
https://www.computerhope.com/icacls.htm Windows command line icacls command help
FredMcD said
https://www.computerhope.com/icacls.htm Windows command line icacls command help
So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found. I didn't ask how to use icacls, if you really understood my question you would realize that I aready know how to use this, I even successfully applied it to a previous version of Firefox. But newer versions of Firefox seem to not be compatible to this low integrity level, or at least in the way I use it.
@mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections.
WestEnd said
@mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections.
This is not about how I got malware, but about how I never got any malware because I knew how to prevent that. And now I am asking a simple technical question about Firefox Quantum and Windows low integrity level. Can you answer that question? If yes, you are welcome. Otherwise, please shut up and stop spreading bad words and false informations. Your post is so wrong. Ever heard of drive-by-infection? Security holes? And AV-Software is typically too slow to react to new threads.
Izmjenjeno
mario67 said
So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found
No. I got that by helping users find solutions. Since most don't know about the icacls command, I posted a link so they can learn about it.
I also call the Big Guys (those with more solutions then I).
Odabrano rješenje
I found this here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433065 which is highly related.
So there are indeed some architectural changes that prevent low integtrity level mode from working properly. I think this is too technical now for this forum. Here seems to be the place for people who don't know the basics and ask questions like "How do I download a file" or similar. But for real technical discussions I have to go somewhere else it seems. I will mark this as closed / solved and move the discussion to bugzilla.
@FredMcD: I think people can google that themselve.
I'm glad you found your answer, Mario. :)
Because this thread is solved, and the replies seem to be just arguments, rather than attempts to help, I'm going to lock it.
If your goal is to lock down Firefox, there may be changes that help achieve that in the form of sandboxing - see https://wiki.mozilla.org/Security/Sandbox
If you have any further issues, and you find you're not getting help, just PM the URL.