How to run Firefox in Protected Mode? (i.e. at low integrity level)
Unfortunately there is currently no way of running Firefox in Protected Mode.
If you're not running 64-bit Windows, you can get something somewhat similar using Sandboxie.
You can run Firefox in low integrity mode using the following commands:
icacls "C:\Program Files\Mozilla Firefox\Firefox.exe" /setintegritylevel low
icacls "C:\Program Files\Mozilla Firefox" /setintegritylevel(oi)(ci) low /t
icacls "C:\Users\*username*\AppData\Local\Temp" /setintegritylevel(oi)(ci) low /t
icacls "C:\Users\*username*\AppData\Local\Mozilla" /setintegritylevel(oi)(ci) low /t
icacls "C:\Users\*username*\AppData\Roaming\Mozilla" /setintegritylevel(oi)(ci) low /t
icacls "C:\Users\*username*\Downloads" /setintegritylevel(oi)(ci) low /t
Note that you'll need to run the second batch for each user on your system, customising username, otherwise they'll get a "Firefox is already running" message box.
However this setup does cause the following quirks:
- Profile manager may not behave correctly.
- You'll get a security warning every time you start Firefox.
- Downloads can only be placed in low integrity directories (hence Downloads is marked as low integrity above).
- Opening downloads directly from Firefox will generally fail.