Add Betterfox

Firefox

Firefox is inherently insecure. I can already see the responses to that source, “Last updated March 2022”, “2/3 year old article”, “Biased and outdated”, but these are often said in a hand-wave manner with the hope that time has fixed the issues present in the article… it has not. Saying the article is old actually makes Firefox look worse, since it hasn’t significantly improved in 3 years. To be fair, there has been improvement but not enough of it to make it comparible to Chromium based browsers (even from 3 years ago). This is especially true on Linux where the sandboxing is very poor, and Android where there is no website sandbox at all. The current Android implementation of the Firefox sandbox (Fission) is not enabled by default (except by IronFox), even if it was enabled the implementation does not use Android’s isolatedProcess flag, which ensures that subprocesses are properly isolated and cannot trivially escalate privilege within the application. Equivalent to Android, Firefox does not have complete sandboxing in Flatpak, it doesn’t even offer a compatibility layer alike to zypak, it just opts to cripple its own security (only recently have they begun offering a warning in environments without user namespaces that sandbox may be degraded, but this warning doesn’t show up in the official and verified Flatpak for Firefox).

Firefox Forks

I don’t think I need to go too much in depth, most FF forks are just regular Firefox with either UI changes or some changes to user-hostile defaults. They typically suffer slower update cycles.
Although, I will talk about 2 specifically, Librewolf and Pale Moon. Librewolf is just Firefox with defaults changed… nothing else. They don’t even maintain the defaults, they just use arkenfox-user.js. They may have some deviated changes but fundamentally it is just arkenfox built-into Firefox with a slower update cycle. Pale Moon uses ancient code with some security patches backported, and it is single-process so it cannot utilize any modern sandboxing technology (such as seccomp or namespaces, or the adjacents on other platforms). You can manually sandbox the browser but that doesn’t isolate sites from each other. This also means that newer security features FF adds (as rare as that is) will not get properly added if they get added at all.