- Custom-made Installer and Uninstaller for easy testing and smooth upgrades
- Firefox Process Mitigations are set with the installer
- Changed directories for binaries and profile for better ACL management:
- Binaries are installed to:
%PROGRAMFILES%\SandboxYourFox - Profile directory:
%LOCALAPPDATA%\Packages\appcontainer.launcher\AC\Profile - Downloads directory:
%LOCALAPPDATA%\Packages\appcontainer.launcher\AC\Downloads
- Binaries are installed to:
- Submitted a patch upstream to make future builds easier
- Switched from wsudo to Microsoft's LaunchAppContainer
- Fixed a crash on the
about:supportpage - ACLs are set which give permission specifically to container
appcontainer.launcherfor:%APPDATA%\Mozilla%LOCALAPPDATA%\MozillaHKEY_CURRENT_USER\Software\Mozilla
- Added SetAppContainerACL program for setting file system and registry ACL permissions
This runs Firefox within an AppContainer (LPAC) with it's own profile that is contained separately from any other Firefox profile that you may already have. Therefore, you can play around with this and test it without affecting your regular Firefox installation or your regular profile.
- Firefox running in a secure AppContainer (LPAC) sandbox
- Firefox running in single process mode (E10s/Fission disabled)
- Firefox running in Private Browsing Mode
- Firefox EME-free (no DRM)
- No updates except from here (since
MOZ_FORCE_DISABLE_E10SrequiresMOZILLA_OFFICIALto not be set, meaning has to be unofficial build) - Regular browsing mode crashes due to Shared Web Content process (workaround)
- DRM components fail (no Netflix, Disney Plus, etc.)
- Firefox Sync does not work
- Picture-in-Picture Mode (causes Firefox to crash)
- Built-in Translations feature (causes Firefox to crash)
Simply run the installer from the latest release. It will take care of everything needed.
You don't need to uninstall before upgrading. Just run the latest installer. It will remove the older release files and install the newer version.
Run the uninstaller directly from: %PROGRAMFILES%\SandboxYourFox\Uninstall.exe
The uninstaller will first ask if you want to uninstall SandboxYourFox program files. Then it will ask if you want to remove your Profile as well. This gives the opportunity to keep your Profile when uninstalling just in case it is still needed later.
SetAppContainerACL program is located %PROGRAMFILES%\SandboxYourFox\SetAppContainerACL.exe.
This will set ACL permissions specifically (and only) for AppContainer.Launcher which is associated with the following SID:
S-1-15-2-3573185071-1305232710-3586399557-853445500-2893132591-3326066854-537196996
You may decide that you need Firefox to access other files, directories or registry keys which are not accessible to LPAC processes by default. That is what this tool is for.
Usage Examples:
C:\Example
C:\Example\Example.txt
C:\Program Files\Example
Registry::CURRENT_USER\Software\Example
Registry::LOCAL_MACHINE\SOFTWARE\Example
Important:
Please remember that setting ACL permissions on certain directories (eg. C:\Program Files and C:\Windows) and registry keys (eg. HKEY_LOCAL_MACHINE) require running SetAppContainerACL as Admin.
Regular browsing mode (caching, history, cookies, etc.) for the first several years of this project had always crashed. This was due to a Shared Web Content process that was started even with Fission disabled.
Recently, I have discovered that there is a way to use regular browsing mode with SandboxYourFox that remembers your browsing session to session. SandboxYourFox absolutely must be started in Private Browsing mode to avoid the Shared Web Content process. From there, you can open a regular New tab (New window) and this will deal with your sessions (caching, history, cookies, etc.) as per normal and no Shared Web Content process is started using this method.
Contains:
distribution.iniwhich sets EME-free modepolicies.jsonwhich disables updates and sets Downloads directorychannel-prefs.jswhich sets the update channel (updates not used anyway)syspref.jswhich contains most prefs that SandboxYourFox needs to function