What minimum Snap permissions does Firefox require?

Hi,

I have a question about the Snap permissions for Firefox. For security reasons, I want to give Firefox the minimum of permissions which you can grant via Settings => Apps => Firefox Web Browser (Ubuntu 24.04).

Many are self-explanatory, but there are some where I can’t imagine what that means and whether Firefox really needs such permission to run correctly. I am talking about these authorizations:

  • Run in Background
  • Detect network devices using mDNS/DNS-SD
  • system-files
  • gsettings
  • Access hardware information
  • Mount-control
  • login-session-observe
  • opengl
  • system-packages-doc
  • Read/write access to U2F devices exposed
  • Access energy usage data

So, my question is: Does Firefox really need one of these above permissions to run correctly or can I turn them off?

Thank you for your help!

Phill

There is interface documentation to learn what these options may enable. The short answer is “yes” it needs them. Does every user of Firefox leverage the capabilities that every interface grants access to? Almost certainly not.

I can speculate why it needs most of them, but you’d really need to look through the build configuration for some, and perhaps read some old issues to understand what the addition of an interface fixed, to fully know.

1 Like

Perhaps disable them all and then add one by one until the app starts again? :stuck_out_tongue:

1 Like

Hi!

@popey Thanks a lot! That’s exactly what I was looking for, so I can read all the authorizations there.

@ogra Well, I already did. Until I saw by chance that Firefox’s own User-Namespaces was not working. After a long search, I found out that it was due to the “browser support”, which was deactivated. That’s why I asked here to avoid such security-critical mistakes.

1 Like

  • Run in Background

Not sure, it’ll be for notifications functionality when the GUI is closed but I’m unsure practically if Firefox uses this.

  • Detect network devices using mDNS/DNS-SD

You’ll break WebRTC functionality with your local network, so applications such as Discord, which might be able to establish a P2P connection within your NAT, will instead be forced to establish this through the public internet, increasing latency and exposing data unnecessarily. If you don’t use these types of apps or have other devices, you might not ever notice.

  • system-files

This one needs context of the actual files it’s giving access to as it’s not pre-defined. For Firefox, I know that one of them is for /etc/firefox which enables the system administrator to set policies at a system level. You’d break this but perhaps more.

  • gsettings

This can probably be turned off, it allows Firefox to access the user’s host gsettings (system configuration akin to the Windows Registry). However, the underlying packages I believe work differently if they detect they’re in a snap anyway so this MIGHT be safe to remove but I’m unsure fully how much you’re risking.

  • Access hardware information

You’ll want to keep this available so that Firefox can enable quirks for stuff like GPU drivers, as well as potentially detecting peripherals.

  • Mount-control

:person_shrugging:t2:, possibly safe to remove but I can’t think of hypothetical cases for it.

  • login-session-observe

Likely to help with efficiency of background tabs and services, but similar to the above.

  • opengl

You absolutely could remove this, but you’d be forcing everything to run on the CPU, including video acceleration, and would be effectively setting your browser performance back 15 years in doing so. All this does is let Firefox access your GPU.

  • system-packages-doc

Pretty safe to remove but pretty pointless to do so, some apt packages might install tutorials and documentation to your system. This provides Firefox the ability to open that documentation and avoid permission errors. These docs are literally copy and paste between every user and read only too. You might never notice not having it, but there’s basically nothing to lose in doing so.

  • Read/write access to U2F devices exposed

If you have YubiKeys and the like, keep this on. If you don’t, you can technically remove it. It’ll power WebAuthn APIs so would be silly to remove if you were using these peripherals, but if you’re not, you’ll probably never notice it. That said, it’s scoped to the point I’d say don’t bother too.

  • Access energy usage data

Putting background tabs to sleep & etc.

In effect, you technically can remove a fair few of these, but I also can’t see any that I’d say are worth bothering with.

This should be enabled by default, and would suggest someone at some point has changed it. The default installation in Ubuntu as well as the default setup when not included by default but installed everywhere should have this on by default.

1 Like

A big “Thank you” to you, @James-Carroll! :+1: Your explanations have helped me a lot.

Yes, that is correct. I have just checked it in a fresh Ubuntu-VM and it is activated by default.

Are there any (other) security tips for the Snap-Firefox or is it okay the way it is?

You could consider disconnecting the home interface (though would have to train your users to use ~/snap/firefox/common for downloads)

Giving the browser access to all user data is definitely the biggest security risk over all the other mediated interfaces you disconnected before …

1 Like
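
An added example, not part of any post in this thread: a shell check over `snap connections firefox` output for the two interface states discussed above, a disconnected `browser-support` plug (reported earlier as breaking Firefox's own user-namespace sandbox) and a connected `home` plug. The function name `audit_plugs` and the sample output are constructed for illustration; the parser assumes the usual four-column layout in which a `-` in the Slot column marks a disconnected plug.

```shell
#!/usr/bin/env bash
# Added example: audit the interface states of the Firefox snap.
#   browser-support disconnected -> state the thread reports as breaking
#                                   Firefox's own user-namespace sandbox
#   home connected               -> browser can reach the user's files

# Constructed sample in the column layout `snap connections` prints
# (a "-" in the Slot column means the plug is disconnected).
SAMPLE_CONNECTIONS='Interface        Plug                     Slot     Notes
browser-support  firefox:browser-support  -        -
home             firefox:home             :home    -
opengl           firefox:opengl           :opengl  -
u2f-devices      firefox:u2f-devices      -        -'

# Reads `snap connections <snap>` output on stdin, prints one finding per line.
audit_plugs() {
    awk '
        NR == 1 { next }                          # skip the header row
        {
            state[$1] = ($3 == "-") ? "off" : "on"
            if ($3 == "-") n++                    # count disconnected plugs
        }
        END {
            if (state["browser-support"] == "off")
                print "WARN browser-support disconnected: reconnect it"
            if (state["home"] == "on")
                print "INFO home connected: browser can access user files"
            print "disconnected=" (n + 0)
        }'
}

# Remediation commands matching the advice in the thread:
#   sudo snap connect    firefox:browser-support
#   sudo snap disconnect firefox:home   # downloads then go to ~/snap/firefox/common

if [ "${1:-}" = "--live" ]; then
    snap connections firefox | audit_plugs        # real system
else
    printf '%s\n' "$SAMPLE_CONNECTIONS" | audit_plugs   # offline demo
fi
```
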

Thank you for the hint, @ogra That’s a good idea. I had in mind switching off access completely but that wouldn’t have been very user-friendly :sweat_smile:

How can I set it so that the ~/snap/firefox/common folder is used for downloads?

Uh, not sure how you set such default download location programmatically (there is some way to provide a pre-made profile through some place in /etc but I’m not sure about the exact place or name)

EDIT: here we go: FireFox snap no longer reads /usr/lib/firefox for customization - #28 by _Tom

1 Like

Great, thank you! I will have a look at this :+1: