diff --git b/etc/iceape-uxp.profile b/etc/iceape-uxp.profile
new file mode 100644
index 0000000..b8a4a9b
--- /dev/null
+++ b/etc/iceape-uxp.profile
@@ -0,0 +1,45 @@
+# Firejail profile for iceape-uxp
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/iceape-uxp.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.cache/mozilla
+mkdir ${HOME}/.mozilla
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+
+disable-mnt
+# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel-uxp,icedove-uxp,mime.types,mailcap,asound.conf,pulse,machine-id