Each year up to 100 new local and remote code execution vulnerabilities in Firefox are found. This is not browser specific, each browser is potentially vulnerable. Running it under your own user account is dangerous since someone can access your personal files. One of the possible solutions to this problem is to run browser under a separate limited user account that can only access its home directory where the browser is installed.
What are the best approaches to this solution? Are there any software or scripts that can facilitate this process?
Currently I successfully run Firefox and Thunderbird under a separate user account on Windows 8 (using the runas
command with the /savecred
option), but there are some problems/limitations:
- Drag&drop does not work: this means you can't drag files when composing a new mail message, which is acceptable and unavoidable due to account isolation.
- Flash and Java also run under the same limited user account. Sometimes it causes problems like high CPU consumption and UI irresponsiveness.
What are the best approaches to this solution? Are there any software or scripts that can facilitate this process?