Merge 52149414ab into 0e769e1426

2024-04-27 09:02:22 +12:00 · 2022-08-18 16:10:43 +08:00 · 2022-08-18 16:10:43 +08:00 · da593f5972
parent 0e769e1426 52149414ab
commit da593f5972
1 changed files with 26 additions and 0 deletions
--- a/linux-workstation-security.md
+++ b/linux-workstation-security.md
@ -722,6 +722,32 @@ if you use sandboxes or virtualization-based isolation around your browser,
 you may have to work extra hard to enable USB pass-through from the
 application to your USB token.

+#### 4: Separate Firefox profiles for each security context
+
+This is an alternative to the two-browser scenario which only requires
+Firefox and allows any number of environments (work, testing web
+applications, webmail and social networks, random browsing, etc.)
+
+Each Firefox profile will have a completely independent configuration,
+including history, cookies, cache, add-ons, network, and privacy and
+security settings, and they can run simultaneously in separate processes. No
+browser data will be shared among the profiles and the process isolation
+will provide an extra barrier against compromises.
+
+Notice that data saved by binary plugins (e.g. Adobe Flash) will still be
+shared among the several profiles (and also across any other browser using
+them). It is recommended to disable the plugins in the most sensitive
+profiles and set them as click-to-run in the others. It is also recommended
+to prevent Flash from saving local data by making its data directory read
+only.
+
+To create a new profile, you should call Firefox passing the option
+`--ProfileManager` and to open the profile selector once another instance is
+already running, call it with the option `--new-instance`. From a usability
+perspective, it is recommended to set each profile to a different theme or
+color scheme, minimizing the risk of confusion when alternating among them.
+
+
 ### Password managers

 #### Checklist