HACKER Q&A
📣 Dinner8334

Is Firefox on Android Secure?


Hi, I'm someone who doesn't work in anything to do with Computer Science but loves lurking the internet, so pardon my ignorance.

Is Firefox on Android unsecure because it doesn't have multi-threaded browser isolation? I've read several articles about this, like:

https://divestos.org/pages/browsers

https://madaidans-insecurities.github.io/firefox-chromium.html

So I got really concerned because I've used Firefox on my Android Phone for the last couple of years, and regularly visit "shady" and weird sites.

Should I switch to Brave?

Thank you.


  👤 nateb2022 Accepted Answer ✓
First off, I'm a big Firefox fan and it is the sole browser I use on desktop. With that said, I would never use Firefox on Android.

According to GrapheneOS (https://grapheneos.org/usage#web-browsing), which is the baseline standard for a hardened Android-based distribution,

> Chromium-based browsers like Vanadium provide the strongest sandbox implementation, leagues ahead of the alternatives... Chromium has decent exploit mitigations, unlike the available alternatives... Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.

If you don't mind switching, I would heartily recommend switching to GrapheneOS. If you're attached to stock Android though, I would definitely say go with a Chrome or Chromium-based browser.
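
The quoted passage says Chromium's sandbox on Android relies on the OS `isolatedProcess` property for app service processes. As an added example (not part of the answer above or of GrapheneOS's documentation), the script below lists the `<service>` entries in an app manifest and reports which ones set `android:isolatedProcess="true"`. It assumes the manifest has already been decoded to text XML (for example with apktool); both sample manifests and every package and service name in them are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifests; package and service names are hypothetical.
SANDBOXED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.browser_a">
  <application>
    <service android:name=".RendererService0" android:process=":sandboxed0"
             android:isolatedProcess="true" android:exported="false"/>
    <service android:name=".DownloadService" android:exported="false"/>
  </application>
</manifest>"""

UNSANDBOXED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.browser_b">
  <application>
    <service android:name=".ContentService" android:process=":tab0"
             android:exported="false"/>
  </application>
</manifest>"""


def audit_services(manifest_xml):
    """Return (name, process, verdict) for every <service> in the manifest."""
    rows = []
    for svc in ET.fromstring(manifest_xml).iter("service"):
        name = svc.get(ANDROID + "name", "?")
        process = svc.get(ANDROID + "process")
        # isolatedProcess defaults to false; anything other than a literal
        # "true" (including an unresolved @bool/ reference) counts as not isolated.
        if svc.get(ANDROID + "isolatedProcess", "false").lower() == "true":
            verdict = "isolated"
        elif process:
            # A separate OS process alone is not a sandbox: it keeps the app's
            # own permissions and data access.
            verdict = "separate process, not isolated"
        else:
            verdict = "main process"
        rows.append((name, process, verdict))
    return rows


def isolated_services(manifest_xml):
    """Names of services that run under android:isolatedProcess."""
    return [n for n, _, v in audit_services(manifest_xml) if v == "isolated"]


if __name__ == "__main__":
    for label, doc in (("browser_a", SANDBOXED), ("browser_b", UNSANDBOXED)):
        for row in audit_services(doc):
            print(label, *row, sep=" | ")
```

A service that only sets `android:process` runs in its own process but keeps the app's permissions, which is why the script reports it separately from an isolated one.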


👤 nashashmi
Use it with the uBlock extension. And set it to max security. Basically no 3rd party stuff. Not even first party scripts. And allow scripts globally from a limited set of 3rd party sites, and based on each website.

It makes for a par experience.


👤 gardenhedge
Woah, I didn't know any of this. I'll probably go back to Chrome based on this.

I tried Brave before but the popup ads were too intrusive.