Please ignore the entire cybersecurity hype news cycle about images being used to spread malware.
I've heard of thumbnails being used to deliver malware. Specifically the idea that "thumbnailers" are JavaScript code included in the file that will run in order to generate a thumbnail and they have the potential to deliver malware. After an arduous search I found this article https://thehackernews.com/2017/07/linux-gnome-vulnerability.html suggesting a vulnerability in the thumbnail generator for Windows executables on GNOME allowed it to be used to deliver malware because the file name contained code that was executed by the thumbnailer. I'm still entirely unclear about what a thumbnailer even is (whether it's local or remote code) or what my original source was. For now I'll just turn off thumbnails for all but images and hope that counts as adequate security.
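An added example, not part of the original comments: on GNOME-style desktops a thumbnailer is a locally installed program registered through a `.thumbnailer` key file (normally under `/usr/share/thumbnailers`), and the file manager runs it on files of the listed MIME types. The sketch below parses such entries and reports which thumbnailers are registered for anything other than images; the sample entries and their program names are constructed.

```python
import configparser
from pathlib import Path

# Constructed sample entries in the ".thumbnailer" key-file format; the
# file names and program paths are made up for illustration.
SAMPLES = {
    "example-image.thumbnailer": (
        "[Thumbnailer Entry]\n"
        "TryExec=/usr/bin/example-image-thumbnailer\n"
        "Exec=/usr/bin/example-image-thumbnailer -s %s %u %o\n"
        "MimeType=image/png;image/jpeg;image/gif;\n"
    ),
    "example-exe.thumbnailer": (
        "[Thumbnailer Entry]\n"
        "Exec=/usr/bin/example-exe-thumbnailer %i %o\n"
        "MimeType=application/x-ms-dos-executable;application/x-msdownload;\n"
    ),
}

def parse_entry(text):
    """Return (exec_line, mime_types) from one .thumbnailer file's text."""
    cp = configparser.ConfigParser(interpolation=None)  # Exec holds % codes
    cp.optionxform = str  # keep key case (Exec, MimeType)
    cp.read_string(text)
    if not cp.has_section("Thumbnailer Entry"):
        return "", []
    entry = cp["Thumbnailer Entry"]
    mimes = [m for m in entry.get("MimeType", "").split(";") if m]
    return entry.get("Exec", ""), mimes

def audit(entries):
    """Map file name -> non-image MIME types its thumbnailer is run for."""
    report = {}
    for name, text in entries.items():
        _exec, mimes = parse_entry(text)
        extra = [m for m in mimes if not m.startswith("image/")]
        if extra:
            report[name] = extra
    return report

def load_dir(path="/usr/share/thumbnailers"):
    """Read the installed entries from a real system (may be empty)."""
    return {p.name: p.read_text(errors="replace")
            for p in Path(path).glob("*.thumbnailer")}

if __name__ == "__main__":
    for name, extra in audit(load_dir() or SAMPLES).items():
        print(f"{name}: runs on {', '.join(extra)}")
```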
The idea of disabling sudo was that malware would try to use sudo and fail (plus Secureblue's endorsement). But now that I think about it malware probably wouldn't keylog my password and use systemd anyway, but instead use something less tedious and less distro-dependent like a privilege escalation attack. I'm wondering though, are you saying that you think run0 is more vulnerable, or that it shares a massive attack surface with sudo?
I guess the value of browser escape vulnerabilities explains why I've never gotten any malware despite my risky web browsing. Though browser extensions still pose a risk and being a Firefox user I suspect that such value is low enough to use for run-of-the-mill malware (though probably just for Windows). I've heard a fair few times about thumbnailer attacks, but no real detail from KDE about what if any mitigations they have in place.
By Sandbox I mean that the apps I install should only have access to the files in a dedicated directory. Mullvad seems to do this on Kubuntu, there's a .mullvad-browser folder in my home directory and whenever I try to upload or download an image using it I find myself unable to navigate away and instead need to use my file manager to do so.
I'm not really interested in QubesOS. As above my first priority is running Linux and while the virtualization in QubesOS interests me it's not an operating system I want to use.
In terms of phishing I am very prepared. In terms of malicious webpages not really. NoScript probably helps but I click on basically any link with no regard for safety, and if it doesn't work I normally give it any JavaScript permissions it asks for (except wasm, unrestricted css, LAN, and other). Plus there's the added risk of browser extension supply chain attacks that I've been getting increasingly paranoid about.
I think you're right about software. If I use SELinux, and especially if I use a hardened profile on it, then I should be reasonably secure. If I uninstall sudo and switch to run0 (which I prefer using anyway) then malware probably wouldn't be able to do much of anything if it escapes the sandbox. I've heard everywhere that Fedora and openSUSE are relatively good on security so I have every reason to trust your assessment.
I heard that the sandbox on Fedora (and all major distros) is relatively weak, and PulseAudio is a known escape vector for webpage malware. So I'm not 100% sure Fedora is reasonably secure.
SB isn't immutable BTW. I wish it was because I like the idea of immutable distros (for people who don't use Arch) but it isn't.
I'm after security against malware and websites to prevent my email or government services from being accessed maliciously, but I want to do so without over-relying on the obscurity of Linux and Firefox.
In other words, I want to do my due diligence on security.
I believe Australian laws state that if the government requests your data and they can't hand it over, they're required to build a method to track you. So practically speaking if you want true privacy you'd need to use the Tor network.
I understand Mullvad as a middle-ground between the anonymity of Tor and the convenience of Firefox. I'm not entirely convinced either way as to whether it is compatible.
Using Librewolf deprives Firefox of sponsor money, so it's to some extent a boycott. The idea though that we need to switch to a new browser engine because we lost faith in Mozilla is a bit silly; the Gecko engine is open source so it can be stuck with even if Mozilla goes away. Just look at Pale Moon (not great security-wise, but it does exist).
I mostly use Firefox because it lets you bookmark a page without overwriting an existing bookmark. I have a lot of bookmarks and they sometimes need to be in multiple folders, but Blink-based browsers only let you create duplicates by manually copying a bookmark and pasting it elsewhere.
I'm finding certain security features being lacking from Firefox to be annoying. I should be able to set JIT JavaScript compilation and DRM to be opt-in on a per-site basis considering the security risks in those codebases, especially considering the weaker security of the Gecko engine.
I'm also concerned about the prospect of the only browser engine besides WebKit being Blink, but if that were my only issue I could spoof my user agent.