22.04 - Firefox can no longer save to network folders

When using Firefox browser, we use to be able to save (e.g.: PDF files) directly to smb network folders.

After the upgrade to 22.04 that is no longer the case. There is no network folders listed on the save portal/dialog nor can we type them manually. Falkon can save them, but not Firefox.

Firefox is crucial to our work.

Any idea what the problem is?
Is there any workaround?

Thank you!

1 Like

Snap packages run in a confined environment, which increases security.

It has access to your $HOME or home directory; but not other directories on your system; though you can also grant it permission to read/write from specific directories such as /mnt/ & /media/.

You’ve provided no specifics as to what directory you’re asking about; but I’m guessing it’s outside of your user directory? Is this true? and what directory?

Since chromium was changed to a snap in mid-2019 (I’m on the development release so see changes before most users do) I created a duplicate entry for my NFS shares in /mnt/ so I could access them via chromium and use the same with firefox now it’s a snap package). Some details maybe gained here.

2 Likes

i’m trying to access to smb://192.168.1.100/data/shared

It’s a pretty normal share in a windows computer. I had access to it in previous 21.10… but not anymore. Is there someway i can regain access to it?

2 Likes

I was asking where you have it mounted… or haven’t you mounted it?

When firefox was a deb package, it didn’t matter where it was mounted, however now that it’s a snap (with higher security due to confinement) it needs to be mounted inside $HOME or via the directory /mnt/ or /media/.

If you currently don’t have it mounted, I’d suggest mounting it & mounting it in a location accessible to snap packages such as a directory inside /mnt/ or /media/.

In my own example, my NFS shares are mounted exactly as I did before; but I added a second mount (via the file-system-table or /etc/fstab) that is RO in /mnt/ so I can upload to chromium & firefox… The RO (read-only) is just a quirk/choice of mine, as I prefer not saving files to my network shares from a browser.

2 Likes

I don’t have it mounted.
I didn’t actually even had any plans to do it considering the many computers i would have to do it…

Without mounting them locally, is there no way to access them like we used to?

By the way, does this also happens in flatpak?

2 Likes

I can’t answer with authority if it’s not been mounted (I’d have to perform some checks to validate it but I can’t currently); but I suspect your temporary mount will cause it to be mounted in /tmp/ or another location which snap packages cannot access due to confinement [security].

My choice would be controlling the mount via *fstab` (file-system table) entry.

I suspect you won’t have that issue with a flatpak version of firefox, however I’m not a user of flatpak so cannot speak with authority here sorry, and don’t have time (or a running NAS device up) on which to perform a test.

2 Likes

So… it’s not a “it just works” anymore.

Now we’ll have to manually configure it so that it works as it used to…
All of this for the sake of using snap’s “extra” security…

In another words, we sacrificed usability for “security” (that i’m not sure was worth sacrificing…)

bah, humbug…

2 Likes

That’s what it always boils down to. The only secure computer is a computer that nobody can use. Otherwise, there’s always some security risk.

In this case, I can see why they made that choice, but I’m not sure the benefits justify the fallout.

Given the newness of it all, there will be wrinkles to iron out. Someone smarter than I will come up with a solution. As a matter of personal preference, I really don’t use Firefox outside of my testing. So, I won’t be of assistance. I just wanted to tack on my thoughts.

3 Likes

Well, but when things like this happen, i think it means something is not ready to go mainstream.

In other words, if this limits Firefox from accessing network folders (which i can’t see why they choose it) and if the only way to go around this is to manually mount the share… well… i don’t thing it should be taken mainstream, just because ubuntu keeps saying it’s linux for everyone (not just the techies)… and this requires extra knowledge… it’s not the regular “joe” that does this…

2 Likes

There are some repositories that still carry the deb version of firefox.
e.g ppa:mozillateam/ppa
or Ubuntuzilla

On my machine, the deb version starts up in 5 secs compared to 1 to 2 mins for the snap version :roll_eyes:

(btw: the reason why you didn’t have to mount it before is because the smb:// url is probably a gio enabled gvfs type URI (pcmanfm can also use these) and they mount to /run/user/<your_uid>gvfs when they are first accessed / not that it helps any)

1 Like

Firstly, to get your SMB shares working again: MountWindowsSharesPermanently - Ubuntu Wiki I believe you should mount the share under /media/<whatever>. You may need to give Firefox removable media access - I think the solution for doing this can be found from these two links: How can Snap permissions be viewed and modified? - Ask Ubuntu and https://snapcraft.io/docs/removable-media-interface

Now for a bit of why I think the change to snap was probably a good one:

I think the thinking here is, all of the features that a regular home user would expect to work out of the box, work. No tweaks needed. You can browse, download, blog, etc. on Firefox with no tweaks. If you’re using more advanced features like SMB shares, the devs assume you know what you’re doing and can stand to have to run a few commands or tweak a file or two to get things up and running.

I know it seems like this “security” feature is ridiculous, but you would be highly alarmed if you knew just how bad one humdinger of a cyberattack can be, and how easy it is to accidentally let one slip through the cracks. For instance, maybe someone’s secretary didn’t get a Firefox update as quickly as everyone else, and it left a security hole. They click on a bad website on accident (like I have so many times), which proceeds to exploit the security hole and gain access to the secretary’s system. From there, it’s able to leak sensitive emails and files, and modify data. The hacker puts in a backdoor that adds malicious LibreOffice macros onto macro-enabled LIbreOffice documents that it finds. The sysadmin comes along with his I-can-fix-anything-with-this flash drive that includes a whopping load of important macros along with various other scripts and utilities, plugs the drive into the secretary’s system to do some maintenance, then takes the drive back to his own system and launches one of his macros… and now his system is infected and the virus has root privileges to every server in the company’s network. And it all started thanks to one Firefox hole. (OK, this is a hypothetical scenario, but from what I know of information security, it’s a very plausible one.)

Now imagine that secretary’s not-so-secure Firefox was in a snap package. The secretary clicks on the malicious site, Firefox gets hacked… and then the hacker gets to stare at the inside of a snap container with no further access to any sensitive data. Sure, maybe they can try to hork passwords and gain further access that way, but it’s not as easy as the above scenario, and depending on the secretary’s setup, it might not be enough to hack into anything at all (maybe they do all their sensitive stuff in Chromium).

It might be a tiny inconvenience for you one time per system you use, but it’s very possibly a lifesaver for many, many others.

4 Likes

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.