Looks like Adobe is hard at work trying to keep Flash secure. After successfully teaming up with Google to integrate a sandboxed Flash Player into Chrome a couple of years ago, Adobe is now working on a similarly sandboxed plug-in for Firefox. Here’s the relevant snippet from the blog post by Adobe’s Peleus Uhley:
Today, Adobe has launched a public beta of our new Flash Player sandbox (aka “Protected Mode”) for the Firefox browser. The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach. Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation.
Unlike the Chrome implementation, the beta plug-in for Firefox isn’t built right into the browser. The public beta Adobe offers is a simple plug-in installer. (Of course, that doesn’t preclude some further integration with Mozilla, but the Adobe post doesn’t mention anything of the sort.)
Integrated or not, the sandboxing approach ought to help keep Firefox secure. Adobe points out that sandboxing in the Adobe Reader X plug-in has had a palpable effect—"we have not seen a single successful exploit in the wild against Adobe Reader X," the company says.