Ubuntu or Debian:
$  sudo apt-get update
$  sudo apt-get install firejail
$  sudo apt-get install xpra xserver-xephyr

The sandbox replaces the regular X11 server with Xpra or Xephyr server. This prevents X11 keyboard loggers and screenshot utilities from accessing the main X11 server.

```
To install for all, Users (NOTE: you'll need to make the "work" folder for each users home path on the PC):
IE: $ mkdir /home/USERsName/work
$  mv /usr/share/applications/firefox.desktop /usr/share/applications/firefox.desktop.orig	
$  nano /usr/share/applications/firefox.desktop	

OR - for just, you:
$  mkdir ~/work
$  nano ~/.local/share/applications/firefox.desktop

# Note --dns is optional... It will break your DNS content filtering if you have that setup!

Insert the following:
```

```
[Desktop Entry]
Version=1.0
Name=Firefox Web Sandboxed
Comment=World Wide Web
GenericName=Web Browser
Keywords=Internet;WWW;Browser;Web;Explorer
Exec=firejail --seccomp --private=~/work --dns=1.1.1.3 --dns=1.0.0.3 firefox %u -no-remote
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=firefox
Categories=GNOME;GTK;Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;x-scheme-handler/chrome;video/webm;application/x-xpinstall;
StartupNotify=true
Actions=secure-mode;private

[Desktop Action private]
Name=Private Mode
Exec=firejail --seccomp --private=~/work --dns=1.1.1.3 --dns=1.0.0.3 firefox %u -no-remote -private-window

[Desktop Action secure-mode]
Name=Super Secure Mode
Exec=firejail --seccomp --x11 --name=SecureMode --private=~/work --dns=1.1.1.3 --dns=1.0.0.3 firefox %u -private-window -no-remote -safe-mode
```

To Save, do: ctrl+x, then press Y to save. Enter to accept filename...

Once saved, reboot and Copy Launcher Icon to Launcher Tray... Try dragging and dropping (from Show Applications, FireFox) to your sidebar....

### Note: All access for FireFox will be JAILed to the path ~/work and will not be able to get out of that Jail! Cool, huh.

You may access downloads via: $ nautilus ~/work/Downloads &

Or Open Files and goto : work/Downloads

Now, if at any time you get spy/malware/ad toolbars or whatever you do not want....
All you need to do is remove the work folder from your home path, all setting will be wiped along with bookmarks!!!

Backup/Export your bookmarks, then rm -rf /home/yourUSERnameHere/work