diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index f1443a936..b3e78105e 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -17,6 +17,7 @@ include include include + include include include include @@ -46,6 +47,8 @@ signal (send) set=(term, kill) peer=@{profile_name}-*, + #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}" + @{sh_path} rix, @{bin}/basename rix, @{bin}/dirname rix, @@ -54,11 +57,9 @@ @{lib_dirs}/{,**} r, @{lib_dirs}/*.so mr, @{lib_dirs}/crashreporter rPx, - @{lib_dirs}/glxtest rPx -> firefox//&firefox-glxtest, @{lib_dirs}/minidump-analyzer rPx, @{lib_dirs}/pingsender rPx, @{lib_dirs}/plugin-container rPx, - @{lib_dirs}/vaapitest rPx -> firefox//&firefox-vaapitest, # Desktop integration @{bin}/lsb_release rPx -> lsb_release, @@ -157,7 +158,6 @@ # Silencer deny dbus send bus=system path=/org/freedesktop/hostname1, deny /tmp/MozillaUpdateLock-* w, - deny owner @{HOME}/ r, deny owner @{HOME}/.* r, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, deny @{run}/user/@{uid}/gnome-shell-disable-extensions w, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 6d50db9dc..75c3c0f86 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox 
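Review bot: In apparmor.d/abstractions/app/firefox (hunk at -46,6), the added `#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"` directive lives in the shared abstraction, so every profile that includes it gains session-bus talk access to gvfsd and all `gvfsd-*` backends, and the hunk gives no reason for that. A one-line comment above it, for example `# Talk to GVfs daemons (needed by: <state the feature>)`, would let a later reviewer judge whether the label glob can be narrowed to the backends actually used. Since the directive is written as a comment, it presumably only takes effect once the project's build step expands it, so it is worth confirming that a profile loaded without that step fails visibly rather than silently lacking the rules.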
@@ -24,13 +24,17 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mrix,
+ @{lib_dirs}/glxtest rPx -> firefox//&firefox-glxtest,
+ @{lib_dirs}/vaapitest rPx -> firefox//&firefox-vaapitest,
+
+ @{lib}/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemKWaylandPlugin.so mr,
 @{lib}/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
 @{lib}/mozilla/plugins/ r,
- @{lib}/mozilla/plugins/libvlcplugin.so mr,
+ @{lib}/mozilla/plugins/*.so mr,
 # Desktop integration
 @{bin}/gnome-software rPx,
- @{bin}/kreadconfig5 rix,
+ @{bin}/kreadconfig{,5} rPx,
 @{bin}/plasma-browser-integration-host rPx,
 @{bin}/update-mime-database rPx,
 @{lib}/gvfsd-metadata rPx,
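Review bot: Replacing `@{lib}/mozilla/plugins/libvlcplugin.so mr,` with `@{lib}/mozilla/plugins/*.so mr,` lets the confined browser map as executable any shared object present in that directory, where the old rule named a single plugin. If only known plugins are expected, listing them individually keeps the allow-list explicit; otherwise a comment such as `# any system-installed plugin; directory is expected to be writable by root only` records the assumption the wildcard relies on. Separately, `@{bin}/kreadconfig{,5} rPx,` turns an inherited exec into a profile transition, which as far as I know is refused when no profile for the binary is loaded, so confirm a kreadconfig profile ships with this change. The `glxtest` and `vaapitest` rules moved here name `firefox//&...` targets, so any other profile that relied on the abstraction for them (none is visible in this diff) would now need its own exec rules.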