As far as I can see in the Linux world, there is not a consensus on how browsers should be installed on a system, and as a consequence there is a divergence of practices. At the center of this issue is the question of whether the security features of the browsers are compromised.
Firefox and Brave browsers have official flatpak packages. On the other hand, there are reasonable arguments that their flatpak packages reduce or remove their security features. So why do the developers of those browsers release official flatpak packages? Either they don’t mind sacrificing security, or there are things that are not as important as claimed.
openSUSE Aeon recommended here includes Firefox’s flatpak package.
Let’s say we installed the browsers with the traditional package types and source tar files, SELinux does not contain policies restricting user applications. Tor and Mullvad browsers are also recommended to be installed directly from the source archive, so they will also have unrestricted access to sensitive files etc. on the system.
So how can immutable -and traditional- distributions be secure to use browsers?