People in the comments already have “Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android.”
I’m on the go right now. This is a quote for an old privacy guides snapshot, but when I was looking for it, I saw some articles from April saying that this was no longer true, so further searching needed when I get home
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla’s engine, GeckoView, has yet to support site isolation or enable isolatedProcess.
Can you elaborate?
People in the comments already have “Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android.”
I’m on the go right now. This is a quote for an old privacy guides snapshot, but when I was looking for it, I saw some articles from April saying that this was no longer true, so further searching needed when I get home