Flash Player for Firefox to get its own sandbox

Looks like Adobe is hard at work trying to keep Flash secure. After successfully teaming up with Google to integrate a sandboxed Flash Player into Chrome a couple of years ago, Adobe is now working on a similarly sandboxed plug-in for Firefox. Here’s the relevant snippet from the blog post by Adobe’s Peleus Uhley:

Today, Adobe has launched a public beta of our new Flash Player sandbox (aka “Protected Mode”) for the Firefox browser. The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach. Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation.

Unlike the Chrome implementation, the beta plug-in for Firefox isn’t built right into the browser. The public beta Adobe offers is a simple plug-in installer. (Of course, that doesn’t preclude some further integration with Mozilla, but the Adobe post doesn’t mention anything of the sort.)

Integrated or not, the sandboxing approach ought to help keep Firefox secure. Adobe points out that sandboxing in the Adobe Reader X plug-in has had a palpable effect—"we have not seen a single successful exploit in the wild against Adobe Reader X," the company says.

Comments closed
    • Chrispy_
    • 8 years ago

    Noscript.
    You’re welcome.

    (don’t forget to allow all of your favourite sites, they need the ad revenue)

    • ShadowTiger
    • 8 years ago

    I’ve heard of several “sandboxed” technologies being ineffective, I wouldn’t put to much trust in this one. Isn’t IE supposed to be sandboxed too?

      • stmok
      • 8 years ago

      Sandboxing isn’t a silver bullet to application security. It nullifies certain types of attacks, but does nothing for others. You can break out of them, as it depends on the sandbox implementation itself, as well as how the sandboxed application was written. (There’s nothing you can do if the application itself was poorly written from the start!)

      In the case of IE, one exploits core Windows components or third-party components in order to chain an attack on IE. So it really didn’t matter if you put IE in a sandbox when the surrounding infrastructure was vulnerable to security issues. (Eventually, Microsoft will have to dump the gruft code in future Windows versions.)

      The only good way for better software security (guaranteed) is to undergo a seriously stringent design, implementation, and audit process from the start. ie: Before you even type a single line of code out on screen, you must design it on paper first.

      Designing and writing a good piece of software is one where we can all appreciate.

      Better designed and written software => Robust, fewer bugfix updates needed, establishes good reputation with end-user.

    • UberGerbil
    • 8 years ago

    Considering what’s found within it, they really should call this a Litterbox.

    • Philldoe
    • 8 years ago

    I consider myself quite lucky. Flash has never crashed Opera on any of my PC’s. I suppose this is why I don’t have the utter hate for flash that so many of you do. Can’t say it’s really ever caused me any real issues. That’s not to say I don’t see the occasional flash ad that pegs my CPU to 100% about twice a year. Easy fix in Opera though. Right click > Block Content > Click offending ad > click done. Problem solved and happy Philldoe.

      • ShadowTiger
      • 8 years ago

      My biggest problem with Opera is that it hangs on Javascript pretty frequently, forcing me to press the stop button. Also, if one tab is busy with javascript, it freezes the whole browser. I am thinking of switching to Firefox because of cool plugins like NoScript and Ghostery.

        • Philldoe
        • 8 years ago

        Can’t say I have the same issue as you, also Opera has the same functionality as NoScript built right into the browser. Not even sure what Ghostery is but I’d be willing to bet there is either the same functionality built in or it is available in an extension for Opera.

    • Kollaps
    • 8 years ago

    Flash sucks, doesn’t matter if you’re Chrome or Firefox, Linxu, Windows, or OSX. It sucks. Too bad the HTML5 video elements seems to have been forgotten about. The only time I recall seeing recently it was YouTube using it as the fallback to a Flash-less browser.

      • Philldoe
      • 8 years ago

      Lot’s of sites including youtube said they are moving to HTML5. I can’t remember if it’s only HTML5 or HTML5 with Flash as a backup.

        • UberGerbil
        • 8 years ago

        Increasingly, I’m finding that Chrome with Flash completely disabled will still play many videos on YouTube. Clearly they are in transition, but at least as far as the all-Google Chrome + YouTube combination goes, Flash is becoming unnecessary (a development that’s long overdue)

    • flip-mode
    • 8 years ago

    After not using Firefox at all for well over a year, I decided to see how it’s going with Firefox these days. I downloaded the latest release and made it my default browser. There are some interface quirks that I’m not fond of but that I can overlook. But the real problem is flash play was constantly crashing. Load the same page up in Chrome that was crashing in Firefox and there were no problems. So the Flash crash combined with interface dislikes had me setting Chrome back as my default browser less that 48 hours later.

      • Goty
      • 8 years ago

      Can you give us some of the sites where you’ve been having this problem? I’ve experienced maybe two flash plugin crashes in the past six months, and that’s even under Aurora.

        • Derfer
        • 8 years ago

        Flash crashes and freezes anywhere there’s flash. Yahoo videos, comedy central videos, gawker videos, not to mention gawker in general. A lot of it seems to happen either at initial load in or upon trying to leave the page. Flash has been terrorizing internet users for quite some time now.

        • flip-mode
        • 8 years ago

        I didn’t make a note of what those sites were. I should have. :frown:

      • DancinJack
      • 8 years ago

      Were you by chance running Linux?

        • wujj123456
        • 8 years ago

        Even Linux is fine, as long as you get the right version. Usually the distro devs do that for you.

      • GTVic
      • 8 years ago

      I found the exact opposite but just with one of those free games that comes with Chrome.

    • cygnus1
    • 8 years ago

    be prepared for this to crash a ton, adobe reader protected mode sure as hell does on plenty of systems

    • Neutronbeam
    • 8 years ago

    For me, Flash in Chrome crashes regularly–the browser is fine, but Flash-based graphics aren’t available. I SO want Flash to go away permanently.

      • OneArmedScissor
      • 8 years ago

      Lol yeah it’s an eye opener to see all of those pop up messages about Flash/Shockwave coming up in the browser window, whereas those are typically just *poof* crashes in browsers like IE. Even the auto updates can’t save Chrome from it. It’s not the implementation, it’s just Flash itself.

        • flip-mode
        • 8 years ago

        It’s normally a couple of months between Chrome crashes for me. Firefox crashed on 3-4 different sites in less than one day’s use – and it was repeatable at each of those sites – while Chrome crashed on none of them. So maybe it’s a case of Flash sucking to begin with but being more stable on Chrome than elsewhere.

          • Farting Bob
          • 8 years ago

          What sites did FF continously crash on for you? Been using the latest version of FF since v1.something and yes the occasional crash or stall occurs (usually after a few seconds the broswer becomes responsive again when that happens) but no site i have visited (including pr0n and shady grey area sites) seem to repeatedly crash it. Just curious what type of sites seem to crash FF so much, and what is on those sites that causes it.

      • crose
      • 8 years ago

      Same for me but with Firefox.

        • indeego
        • 8 years ago

        Happens all the time for me with youtube embeds within other sites. I don’t even bother clicking anymore on the site’s embed, just go back to youtube and watch.

          • tay
          • 8 years ago

          Isn’t that weird? I think the embeds play in flash but on youtube itself you might be picking up the H.264 native HTML5 player.

      • Meadows
      • 8 years ago

      Funny how I use the regular Flash with Opera and never have issues.

    • jtennison
    • 8 years ago

    Well, if they do, and if it works, then I may allow Flash player back on my PC. Right now it’s banned!

    • Xylker
    • 8 years ago

    Can’t. Come. Soon. Enough.

Pin It on Pinterest

Share This