Hi everyone,
With the recent wave of sophisticated supply-chain attacks and local credential-harvesting malware (like the latest Arch/AUR security incidents), modern browsers face a fundamental flaw. If a user unknowingly runs a malicious script, an infostealer running under the same user context can easily clone session tokens and password databases like key4.db. No matter how much sandboxing or master-password encryption is applied to the application itself, local file access remains a massive vector.
I want to propose a native high-security architecture. Instead of relying on heavy third-party isolation layers, Firefox could offer a clean, automated setup wizard that leverages native OS privilege separation on both Linux and Windows to protect user data.
How it works on Linux:
The built-in wizard would automatically create a dedicated, low-privilege system user (e.g., firefox-secure) with its own home directory. The main user account is strictly denied read/write permissions to this secure profile via standard chmod rules. To bridge the multi-user environment, launching the browser triggers a native TOTP 2FA prompt using apps like Aegis or Google Authenticator via PAM modules. Even if a local keylogger captures the account password, it cannot access the secure folder or escalate privileges without the rotating 2FA token. The wizard would automatically handle Wayland/PipeWire portal routing in the background so audio, microphone, and file dialogs work seamlessly without the usual multi-user friction.
How it works on Windows:
On Windows, implementing this is technically even more straightforward and consistent due to standardized NTFS permission structures. The Firefox wizard would create a hidden local standard user account and strictly strip all read/write permissions for the main user from that specific AppData\Roaming\Mozilla directory. Since Windows easily allows applications from different user contexts to draw windows on the current active desktop without breaking audio or display paths, the performance and UX would be completely fluid. Firefox would simply register a lightweight Windows background service to handle the secure runas execution, protected by the same Aegis/TOTP 2FA popup window upon launching.
By introducing this feature through an accessible, step-by-step wizard, Firefox would become the absolute benchmark for digital self-defense. It tackles the root cause of desktop credential theft by enforcing strict OS-level boundaries, turning an advanced sysadmin hardening technique into a simple toggle for regular privacy-conscious users.
I would love to hear the thoughts of this idea. I know its maybe not really technical possible, but I reall thought it is a good idea and I dont want to discard it. ^^