1

I'm running Debian 9.1 with KDE and for security purposes I'd like to run Firefox ESR in a sandboxed mode.
However, I'd still like to use many normal Firefox features for my normal browsing, download files to my computer and store and access browsing history and sessions.

How can I do that?

mYnDstrEAm
  • 319
  • 2
  • 17
  • @WhiteWinterWolf I don't think that this question comes down to a simple software recommendation. Such might be part of an answer but I don't think any existing software comes preconfigured to allow (or even in and of itself enables) for what I'm asking about here. Firejail could indeed be part of a solution. – mYnDstrEAm Aug 01 '17 at 12:56

1 Answer

4

You have several ways to sandbox Firefox (or any similar application), depending on your exact requirements.

From the lighter to the heavier solution, you mainly have:

  • Firejail is software designed precisely to easily sandbox other applications while keeping them on the same root filesystem. It relies on standard Linux features (namespaces and seccomp-bpf) and doesn't make any significant assumptions about the underlying system, so it should just work on most common Linux distros. It supports a sane X application sandboxing solution (see the note about X applications at the end), provides presets for common usages and supports a wide range of customization.

  • Most probably overkill for personal usage, but it might be suitable in a corporate environment: you can customize AppArmor or SELinux rules to enforce the sandbox. You will most likely have to choose a Linux distribution which already provides a set of base rules for the option you chose. This provides lower-level sandboxing, which can even be extended onto the network (at least with SELinux; I'm not sure that AppArmor supports this), but lower-level means a far higher amount of work to deploy this solution.

  • You can sandbox Firefox in its own environment, the lightest way being to use a Linux container (LXC), the heaviest being to use a full-fledged virtual machine. By doing this manually you may also have to think of a way to securely transfer data to and from Firefox's sandboxed environment.

  • You can leave general public distros and switch to a security-oriented Linux distribution instead, such as Qubes OS or Subgraph OS. These Linux distributions implement software isolation at their core, Qubes pushing the idea the furthest by relying on a set of Xen virtual machines to also isolate device drivers, and Subgraph relying on Linux containers instead. Sandboxing here is no longer a layer added on top of a general-purpose distribution; this means that each of these OSes provides its own workflow to handle data transfers between applications, etc.

  • Lastly, you can also use a dedicated computer for casual browsing and another one for more sensitive tasks. This is not exclusive of the previous case, as it may make sense in particular to run Qubes on such computers to isolate them from an otherwise potentially untrusted network (if you assume that the casual browsing computer may be infected, it means you assume that an attacker may attempt to attack your sensitive computer from within your internal network). This may seem overkill, but it is common to use different computers for work and for home; this is no different.

Depending on the solution you choose, you may have to double-check how the display is handled as, under normal circumstances, each X application has access to the interface of every other application, allowing it to interact with them or capture their input and output. Here is a thread giving some clues if you need to build your own custom setup.

WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
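As an added example (not part of the answer above, and not Firejail's own stock profile), here is what the Firejail option looks like in practice for the asker's requirements: a custom profile for Firefox ESR on Debian 9 that keeps ~/.mozilla (history, cookies, session store) and ~/Downloads on the real disk while hiding the rest of the home directory, plus the launch and check commands. Assumptions: Firejail 0.9.44 or later with its standard /etc/firejail/*.inc files, the Debian binary name firefox-esr, downloads in ~/Downloads, and the profile stored under ~/.config/firejail (a user-local path Firejail consults before /etc/firejail). The --x11=xephyr flag addresses the X display problem mentioned at the end of the answer and needs the xserver-xephyr package.

```shell
#!/bin/sh
# Added example, not code from the original post. Custom Firejail profile for
# Firefox ESR: ~/.mozilla and ~/Downloads stay visible and writable, the rest
# of $HOME is hidden. Assumed: firejail >= 0.9.44, binary name firefox-esr,
# downloads in ~/Downloads, profile path ~/.config/firejail/firefox-esr.profile.

# Print the profile text. ${HOME} is expanded by Firejail, not by this shell,
# hence the quoted heredoc.
firefox_esr_profile() {
    cat <<'EOF'
# disable-programs.inc blacklists ~/.mozilla; lift that first, then apply the
# standard blacklists for sensitive files, other programs' config and dev tools.
noblacklist ${HOME}/.mozilla
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inc

# Whitelisting replaces $HOME with an empty tmpfs; only these two directories
# are bind-mounted from the real home, so history/sessions and downloads persist.
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
mkdir ${HOME}/Downloads
whitelist ${HOME}/Downloads

# Kernel-side hardening: no capabilities, no privilege gain via setuid binaries,
# no root inside the user namespace, seccomp-bpf syscall filter.
caps.drop all
nonewprivs
noroot
seccomp

# Only the socket families a browser needs. netfilter only takes effect when
# the sandbox also gets its own network namespace (--net=<iface>); kept for that case.
protocol unix,inet,inet6,netlink
netfilter

# Minimal /dev and a private /tmp, so the sandbox cannot read other processes'
# temporary files or talk to arbitrary devices.
private-dev
private-tmp
EOF
}

# Write the profile to the given path, creating the directory if needed.
write_profile() {
    dir=$(dirname "$1")
    mkdir -p "$dir"
    firefox_esr_profile > "$1"
}

# Launch Firefox ESR under the profile. --x11=xephyr (package xserver-xephyr)
# gives the browser its own X server so it cannot snoop on other X clients;
# drop the flag to share the main display.
run_sandboxed() {
    prof="$1"
    if ! command -v firejail >/dev/null 2>&1; then
        echo "firejail not installed" >&2
        return 1
    fi
    exec firejail --profile="$prof" --x11=xephyr firefox-esr
}

# Quick check from inside the sandbox: the listing should show only .mozilla
# and Downloads. 'firejail --list' from another terminal shows sandboxed PIDs.
check_sandbox() {
    firejail --quiet --profile="$1" ls -A "$HOME"
}

# Typical use:
#   write_profile "$HOME/.config/firejail/firefox-esr.profile"
#   check_sandbox "$HOME/.config/firejail/firefox-esr.profile"
#   run_sandboxed "$HOME/.config/firejail/firefox-esr.profile"
```

Order matters in the profile: noblacklist has to come before the include that blacklists ~/.mozilla, otherwise the Firefox profile directory is blocked and history and sessions silently stop persisting. Any other directory you want writable (say a second download location) needs both a mkdir and a whitelist line, since whitelisting hides everything in $HOME that is not listed.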