Vincent Lefevre
2025-02-25 11:30:02 UTC
Version: 4.1.0~beta5-2
Severity: important
After the apparmor upgrade to 4.1.0~beta5-2, Firefox
(Debian's package firefox 135.0.1-1) now displays the
following warning message:
  Some of Firefox's security features may offer less protection
  on your current operating system.
See attached screenshot.
The link "How to fix this issue" leads to
https://support.mozilla.org/en-US/kb/install-firefox-linux
which says:
  The sandbox in Firefox makes use of unprivileged user namespaces
  when creating new processes for enforcing more security. This can be
  considered a security risk, therefore some Linux distributions have
  started to restrict its usage and only allow it to work where there
  is an AppArmor profile.

  Such profiles can only cover a limited set of installations paths,
  including Snap and Debian packages. They cannot however cover some
  other use cases, such as tarball installations as well as local
  development builds.
and then explains how to create an apparmor profile (but here, there
is already /etc/apparmor.d/firefox).
-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.11.10-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.89
ii libc6 2.40-7
apparmor recommends no packages.
Versions of packages apparmor suggests:
pn apparmor-profiles-extra <none>
pn apparmor-utils <none>
-- debconf information:
apparmor/homedirs:
--
Vincent Lefèvre <***@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)