
Here's to hoping they maintain this for a while. There are a lot of "hardened Firefox" forks around, none of them that I would trust to follow upstream for a long enough time to switch.

I already trust Mullvad enough to use as a VPN, and am likely willing to extend that trust to a fork of Firefox they manage, but truthfully, I am always concerned when achieving goals means new ventures and projects as it may mean resources are moving to other areas and may impact their code product. I like my core providers to do one thing and do it well.

Edit: I hope they bring this to Android also!



> Edit: I hope they bring this to Android also!

"Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet."

Source: https://grapheneos.org/usage#web-browsing


Your quoted part seems to refer to people using the OS browser component in some contexts (e.g. app-embedded web content) and the actual browser app in others. It's good to be aware of, but claiming the resulting attack surface is the union is only technically correct. The resulting risk is not increased correspondingly as you are not accessing most content through 2 browsers.


This is a good reminder, thank you. I am an advocate and user of GrapheneOS, but often find myself using Firefox because of Sync, and because of the bottom toolbar -- which is ridiculous to think about.

I understand the want to stay close to upstream, and that requests for such "usability" tweaks should go to Chromium.

Alas, the rigidity of the GrapheneOS project is a double-edged sword.


> There are a lot of "hardened Firefox" forks around

Sticking with LibreWolf for now, which has updates disabled in the policies section, but I frequently ping their GitLab for new releases. It's annoying having to do that, but if it means I get security patches in time, I do it.


re Android & fork maintenance I track this here for Firefox: https://divestos.org/misc/ffa-dates.txt

and for Chromium: https://divestos.org/misc/ch-dates.txt


Firefox runs like cold molasses on Android, unfortunately.

Bromite seems like it's sticking around, fortunately.


> Bromite seems like it's sticking around, fortunately.

Only barely, unfortunately.

I've since moved to Vanadium for anything untrusted and/or critical. It's still missing some features I'll enjoy seeing added, but it's improved considerably lately.


Bromite has not been updated since December 12th 2022 per my history here: https://divestos.org/misc/ch-dates.txt


Oh actually I was mistaken, looks like dev builds are still up here: https://github.com/uazo/bromite-buildtools/releases/

I do not like Brave's business model (replacing web ads with their own, even setting the crypto thing aside), but I will check out your link if Bromite fizzles out.




Oh dear, you are right. Last commit was in January.

Thorium was comatose for a while but came back, so I am keeping my fingers crossed.


If you really want Chromium based consider switching to Brave and following my steps here: https://divestos.org/pages/browsers#tuningBrave



