[shmerl]

I can chown them, but isn't that bad in general? If something breaks out from the browser, it can overwrite the binary with malicious code or whatever. Is it a real concern? Regular Linux packages aren't accessible for writing for the ordniary user offering some security barrier.

[riquito]

If something breaks out and can run as your user you're done for. For example it could put an alias in .bashrc for ssh to evilssh and you would never know it (until it's too late).

Running firefox not as root is a good idea, but keep in mind that if a user run an evil application, that user is utterly compromised.

[andor]

Such code could also install a separate malware binary, overwriting the Firefox binary is only one possibility. If you really want to prevent malicious writes, use SELinux (or AppArmor, I guess).