The single biggest threat to your Linux system is your web browser. When you think about it, it makes perfect sense. A browser is a large and complex piece of software with the ability to execute code, and it accesses the open Internet and executes just about everything that it comes into contact with.
The best way to handle this problem is by compartmentalizing your browser, or any other Internet-facing application, away from the rest of your system. This way, it can’t do nearly as much damage if it is compromised. That’s what Firejail is for. Firejail is a sandboxing program that allows programs to run in individual sandboxes with their own set of parameters, limiting their contact with the rest of your system.