135
Mozilla Now Offers an Official Firefox RPM Package for RPM-Based Linux Distros (9to5linux.com)
submitted 2 months ago by cm0002@lemmings.world to c/linux@programming.dev
14 comments fedilink hide all child comments

Mozilla announced today in a blog post that it is now offering an RPM package of the Firefox open-source web browser for RPM-based GNU/Linux distributions, with an initial focus on the Firefox Nightly releases.

Mozilla already provided a DEB binary package for Debian-based systems, so they’re now offering the same native package installation of Firefox for RPM-based systems, making it a lot easier for users of RPM-based distributions to update their Firefox installations to the latest version on the day of the release.

Using the RPM package over the official binary package offers some benefits, such as better performance due to advanced compiler-based optimizations, hardened binaries with all security flags enabled, access to the latest Firefox releases as fast as possible, and you won’t have to create your own .desktop file anymore

you are viewing a single comment's thread
view the rest of the comments
[-] Neptr@lemmy.blahaj.zone 20 points 2 months ago

The Firefox Flatpak has much weaker isolation because the Flatpak sandbox interferes with the browser sandbox. This means a malicious site can compromise other sites and even the whole browser with a single exploit instead of the two normally required (which is a significant degradation in protection). The specific part blocked by Flatpak is user namespace sandboxing by Firefox. If you can help it, DO NOT install as Flatpak. Snap does not have this problem, but nobody likes Snap. Chromium has a similar problem as a Flatpak.

[-] illusionist@lemmy.zip 3 points 2 months ago

Thanks for the good explanation!

[-] Neptr@lemmy.blahaj.zone 2 points 2 months ago

Yeah np

[-] Die4Ever@retrolemmy.com 2 points 2 months ago

Is this because everything runs as root inside Flatpak? Wouldn't it be possible to run as non-root inside Flatpak?

[-] Neptr@lemmy.blahaj.zone 10 points 2 months ago

No, nothing runs as root in a Flatpak. The problem is that Flatpak stops apps from using unprivileged user namespaces, which is used by all modern browsers to isolate web contents. Because the browser (Firefox) can't use namespaces, a malicious website can use a single exploit instead of needing to chain two separate exploits, making it significantly more likely to break the sandbox.

[-] Die4Ever@retrolemmy.com 3 points 2 months ago

Ah interesting. I was thinking of this post

https://lemmy.dbzer0.com/post/61124103

[-] msage@programming.dev 1 points 2 months ago

Nobody likes snaps because Canonical is exactly like Microsoft: the only thing they could make that wouldn't suck would be vacuums.

this post was submitted on 19 Jan 2026
135 points (99.3% liked)

Linux

12881 readers
738 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev