2

Each year up to 100 new local and remote code execution vulnerabilities in Firefox are found. This is not browser-specific; each browser is potentially vulnerable. Running it under your own user account is dangerous since someone can access your personal files. One of the possible solutions to this problem is to run the browser under a separate limited user account that can only access its home directory where the browser is installed.

What are the best approaches to this solution? Are there any software or scripts that can facilitate this process?

Currently I successfully run Firefox and Thunderbird under a separate user account on Windows 8 (using the runas command with the /savecred option), but there are some problems/limitations:

  • Drag&drop does not work: this means you can't drag files when composing a new mail message, which is acceptable and unavoidable due to account isolation.
  • Flash and Java also run under the same limited user account. Sometimes it causes problems like high CPU consumption and UI unresponsiveness.
5
  • So... what exactly is the question here?
    – Sam Axe
    Commented Apr 27, 2014 at 8:30
  • What are the best approaches to this solution? Are there any software or scripts that can facilitate this process?
    – Jamie
    Commented Apr 27, 2014 at 9:07
  • Try to apply EMET to Firefox: blogs.technet.com/b/srd/archive/2014/02/25/…
    Commented Apr 27, 2014 at 18:19
  • I find utapyngo's approach an efficient solution to sandbox Firefox and restrict attacks on Firefox to the separate account.
    – weberjn
    Commented May 25, 2017 at 22:49
  • Boo. @SamAxe learn to read.
    – Hellreaver
    Commented Aug 4, 2020 at 18:58
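
The separate-account setup described in the question, as an added example that is not part of the original post or its answers: it creates the limited account, warns where a protected directory is readable through a broad group the new account belongs to, adds an explicit deny, and launches the browser. The account name `ffsandbox` and the `$Protect` list are assumptions; the Firefox path is the one used in an answer on this page. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original thread. Run elevated.
param(
    [string]   $Sandbox = 'ffsandbox',          # hypothetical account name
    [string]   $Firefox = 'C:\Program Files (x86)\Mozilla Firefox\firefox.exe',
    [string[]] $Protect = @($env:USERPROFILE)   # assumed list of data the browser account must not reach
)

# 1. Create a standard local account if it does not exist.
#    '*' makes net.exe prompt for the password instead of taking it on the command line.
cmd.exe /c "net user $Sandbox >nul 2>&1"
if ($LASTEXITCODE -ne 0) { net.exe user $Sandbox * /add }

# Well-known SIDs of groups that any interactively logged-on standard user is a member of.
$Broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'Users'
}
$Read = [System.Security.AccessControl.FileSystemRights]::ReadData

foreach ($dir in $Protect) {
    # 2. Warn about allow ACEs that grant read access through one of those groups.
    #    ACEs that use generic-rights bits are not decoded by this simple check.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and $Broad.ContainsKey($sid) -and
            ($r.FileSystemRights -band $Read)) {
            Write-Warning "$dir is readable via $($Broad[$sid])"
        }
    }
    # 3. Add an explicit deny for the sandbox account, inherited by files and subfolders.
    icacls.exe $dir /deny "${Sandbox}:(OI)(CI)F"
}

# 4. Start the browser as the sandbox account; runas prompts for its password.
runas.exe "/user:$Sandbox" $Firefox
```

A child object with its own explicit allow entry still takes precedence over the inherited deny, so data shared deliberately with broad groups needs its ACL reviewed separately.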

2 Answers

1

Try this:

RUNAS /trustlevel:0x20000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

This should run Firefox with the Basic User trustlevel.

1
  • Thank you. It is an interesting option. However, I don't think using this option will change anything, since Basic User is the only trustlevel shown by runas /showtrustlevels on my machine. I presume it is used by default anyway.
    – utapyngo
    Commented May 1, 2014 at 6:39
-1

I strongly recommend, if you worry about your safety so much, go find an image file of Windows 8, Windows 7, Windows XP or whatever you want, and use VirtualBox to surf the net always.

2
  • 3
    VirtualBox is also not free from code execution vulnerabilities. And since its core runs with administrative privileges, surfing the web through VirtualBox can be even more dangerous.
    – utapyngo
    Commented Apr 27, 2014 at 9:13
  • I don't know, but I am not sure that it can access files outside your VirtualBox. Just use it for your browser, don't use it for other things, or make another virtual machine.
    – Jamie
    Commented Apr 27, 2014 at 9:19
