Firejail is an easy to use security sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux kernel security features. It restricts what files and directories an application can access in your home directory and what access it has to system directories and system resources. Firejail is ideal for use with web browsers, desktop applications, and daemons/servers alike. Read more at its website: https://firejail.wordpress.com/
I personally highly recommend you use Firejail at least with your web browser.
There are various ways of installing Firejail. You can download a package from its website and install from that, or you may install it from the repository. The version in the repository is the long term support (LTS) version but, curiously, it does not get upgrades to the LTS version through the repository; only selected bug fixes are backported to the version in the repositories. It may be safe enough, but right now I would err on the side of caution and instead install it from the website if for some reason you want the LTS version. The LTS version doesn't have the firecfg command used below to easily configure your programs to use Firejail. Instead I'd recommend you download the current version from the website. If you download either version from the website you will have to keep an eye on new releases yourself and upgrade from a new download.
You can subscribe to this feed to get new release announcements: https://github.com/netblue30/firejail/releases.atom
Option 1: download from website
The download page on Firejail's website: https://firejail.wordpress.com/download-2/. I would recommend you use the current version. The long term support version will continue to receive bug fixes but won't get new features. Click through on the version you want and you will be taken to the SourceForge download page, where you can download either the firejail_version_amd64.deb package (for 64-bit systems) or the firejail_version_i386.deb package (for 32-bit systems). After downloading the file, double-click it in your file manager to launch the installer.
Option 2: use the repository
Note: Firejail is in the repository starting with Linux Mint 18 so if you're using an older version of Linux Mint you can't use this option.
This is the easier option. Just open Software Manager and search for
firejail
and install it.
Firejail comes with a profile for over 140 programs. You can find all the profiles in /etc/firejail/. One simple way to use Firejail with a program is with the command
firejail program
but while simple this quickly becomes tedious. You can edit the program's launcher in your menu and prefix "firejail " to the command in the launcher. This is a good solution if you just want to run your web browser in the security sandbox but again tedious if you want to use it for all possible programs. Luckily Firejail has the option to make it so that the programs you have installed for which Firejail has a profile will be configured to use Firejail by default. For this you need to run two commands from the terminal.
First run the following command which makes all possible changes so that all users on your system will use Firejail with installed programs for which Firejail has a profile (you will be asked for your password so mind that on the terminal you get no visual feedback as you type a password; just type it and press enter).
Second run the following command which fixes any programs that have an incompatible menu launcher. You will need to run this command for every user.
If you install additional programs in the future for which there is a Firejail profile you will have to re-run both of these commands.
Now if you start one of these programs from your menu it will be run in the Firejail security sandbox. When in doubt you can run the command
firejail --list
to see the list of programs currently running in a Firejail security sandbox.
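To check ahead of time which installed programs with a profile in /etc/firejail/ would actually start sandboxed, the following script can be used. It is an added example, not part of the original tutorial or of Firejail itself. It assumes that firecfg wraps programs by placing symbolic links to the firejail binary in /usr/local/bin; the function names and the demo directory tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: for each Firejail profile, report whether the matching
# installed program is routed through firejail by a wrapper symlink.
# Assumption: firecfg creates those symlinks in /usr/local/bin.

# audit_firejail PROFILE_DIR LINK_DIR BIN_DIR...
# Prints "<program> sandboxed" or "<program> UNSANDBOXED" per installed program.
audit_firejail() {
    local profile_dir="$1" link_dir="$2"; shift 2
    local profile name dir installed target status
    for profile in "$profile_dir"/*.profile; do
        [ -e "$profile" ] || continue            # directory holds no profiles
        name=$(basename "$profile" .profile)
        installed=no
        for dir in "$@"; do
            if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then installed=yes; fi
        done
        [ "$installed" = yes ] || continue       # profile exists, program does not
        # Only a symlink whose target is named "firejail" counts as a wrapper.
        status=UNSANDBOXED
        if [ -L "$link_dir/$name" ]; then
            target=$(readlink "$link_dir/$name")
            if [ "$(basename "$target")" = firejail ]; then status=sandboxed; fi
        fi
        echo "$name $status"
    done
}

# Constructed demo tree so the example runs without Firejail installed.
demo_audit() {
    local root p
    root=$(mktemp -d)
    mkdir -p "$root/etc/firejail" "$root/usr/bin" "$root/usr/local/bin"
    touch "$root/etc/firejail/firefox.profile" "$root/etc/firejail/vlc.profile" \
          "$root/etc/firejail/gimp.profile"
    for p in firejail firefox vlc; do            # gimp is deliberately not installed
        printf '#!/bin/sh\n' > "$root/usr/bin/$p"
        chmod +x "$root/usr/bin/$p"
    done
    ln -s "$root/usr/bin/firejail" "$root/usr/local/bin/firefox"
    audit_firejail "$root/etc/firejail" "$root/usr/local/bin" "$root/usr/bin"
    rm -rf "$root"
}

# On a real system: audit_firejail /etc/firejail /usr/local/bin /usr/bin /bin
demo_audit
```

A program reported as UNSANDBOXED has a profile but no wrapper, which is the state a newly installed program is in until the two configuration commands are run again.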