We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已关闭并存档。 如果需要帮助请提出新问题。

How to make Firefox Quantum compatible to low integrity level? [very effectice way to prevent malware]

  • 7 个回答
  • 1 人有此问题
  • 2 次查看
  • 最后回复者为 Chris Ilias

more options

Hi,

in pre Quantum versions, you could make your Firefox safe against malware with a simple trick. It was little known but very effective because it uses Windows tools to limit Firefox abilities to write or modify files. We use the Windows program icacls to limit write access to a selected set of subfolders. Here is how it worked:

icacls "C:\Program Files\Mozilla Firefox\firefox.exe" /setintegritylevel low
icacls "C:\Program Files\Mozilla Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Temp" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Mozilla\updates" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Roaming\Mozilla\Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\Local\Mozilla\Firefox" /setintegritylevel (oi)(ci)low
icacls "C:\Users\[...]\AppData\LocalLow\Mozilla" /setintegritylevel (oi)(ci)low
icacls "[...]\Downloads" /setintegritylevel (oi)(ci)low
icacls "[...]\Firefox Profile" /setintegritylevel (oi)(ci)low

Then I updated to Quantum and now this seems to not work anymore. After I secured Firefox in this way and started Firefox, Firefox then doesn't show any websites (just grey area), no popups etc. The whole Firefox UI seems to be broken.

Does anyone know how to fix this? For example, are there additional folders I need to give access to? Or is this not possible in post Quantum Firefox because of this new process architecture etc.?

Hi, in pre Quantum versions, you could make your Firefox safe against malware with a simple trick. It was little known but very effective because it uses Windows tools to limit Firefox abilities to write or modify files. We use the Windows program icacls to limit write access to a selected set of subfolders. Here is how it worked: icacls "C:\Program Files\Mozilla Firefox\firefox.exe" /setintegritylevel low <br/> icacls "C:\Program Files\Mozilla Firefox" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Local\Temp" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Local\Mozilla\updates" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Roaming\Mozilla\Firefox" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\Local\Mozilla\Firefox" /setintegritylevel (oi)(ci)low <br/> icacls "C:\Users\[...]\AppData\LocalLow\Mozilla" /setintegritylevel (oi)(ci)low <br/> icacls "[...]\Downloads" /setintegritylevel (oi)(ci)low <br/> icacls "[...]\Firefox Profile" /setintegritylevel (oi)(ci)low <br/> Then I updated to Quantum and now this seems to not work anymore. After I secured Firefox in this way and started Firefox, Firefox then doesn't show any websites (just grey area), no popups etc. The whole Firefox UI seems to be broken. Does anyone know how to fix this? For example, are there additional folders I need to give access to? Or is this not possible in post Quantum Firefox because of this new process architecture etc.?

由mario67于修改

被采纳的解决方案

I found this here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433065 which is highly related.

So there are indeed some architectural changes that prevent low integtrity level mode from working properly. I think this is too technical now for this forum. Here seems to be the place for people who don't know the basics and ask questions like "How do I download a file" or similar. But for real technical discussions I have to go somewhere else it seems. I will mark this as closed / solved and move the discussion to bugzilla.

@FredMcD: I think people can google that themselve.

定位到答案原位置 👍 0

所有回复 (7)

more options

https://www.computerhope.com/icacls.htm Windows command line icacls command help

more options

FredMcD said

https://www.computerhope.com/icacls.htm Windows command line icacls command help

So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found. I didn't ask how to use icacls, if you really understood my question you would realize that I aready know how to use this, I even successfully applied it to a previous version of Firefox. But newer versions of Firefox seem to not be compatible to this low integrity level, or at least in the way I use it.

more options

@mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections.

more options

WestEnd said

@mario67, and your first line of reply is why you won't get any help. If your getting malware then you should stop going to black sites that are malware infected and not using proper A/V is another reason why you get malware. Also downloading malware infected software is another way to get malware. So malware only gets on the computer because you the user choose to go to those sites and got infected the Browser itself doesn't do the infections.

This is not about how I got malware, but about how I never got any malware because I knew how to prevent that. And now I am asking a simple technical question about Firefox Quantum and Windows low integrity level. Can you answer that question? If yes, you are welcome. Otherwise, please shut up and stop spreading bad words and false informations. Your post is so wrong. Ever heard of drive-by-infection? Security holes? And AV-Software is typically too slow to react to new threads.

由mario67于修改

more options

mario67 said

So this is how you became a "top 10 contributor"? You just google some random keywords from the question and then post a random link you found

No. I got that by helping users find solutions. Since most don't know about the icacls command, I posted a link so they can learn about it.

I also call the Big Guys (those with more solutions then I).

more options

选择的解决方案

I found this here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433065 which is highly related.

So there are indeed some architectural changes that prevent low integtrity level mode from working properly. I think this is too technical now for this forum. Here seems to be the place for people who don't know the basics and ask questions like "How do I download a file" or similar. But for real technical discussions I have to go somewhere else it seems. I will mark this as closed / solved and move the discussion to bugzilla.

@FredMcD: I think people can google that themselve.

more options

I'm glad you found your answer, Mario. :)

Because this thread is solved, and the replies seem to be just arguments, rather than attempts to help, I'm going to lock it.

If your goal is to lock down Firefox, there may be changes that help achieve that in the form of sandboxing - see https://wiki.mozilla.org/Security/Sandbox

If you have any further issues, and you find you're not getting help, just PM the URL.