Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sandboxed Flash Player Coming To Firefox

Posted by Soulskill on from the box-in-the-fox dept.

Trailrunner7 writes "Adobe, which has spent the last few years trying to dig out of a deep hole of vulnerabilities and buggy code, is making a major change to Flash, adding a sandbox to the version of the player that runs in Firefox. The sandbox is designed to prevent many common exploit techniques against Flash. The move by Adobe comes roughly a year after the company added a sandbox to Flash for Google Chrome. Flash, which is perhaps the most widely deployed piece of software on the Internet, has been a common attack vector for several years now, and the attacks in some cases have been used to get around exploit mitigations added by the browser vendors. The sandbox is designed to prevent many of these attacks by not allowing exploits against Flash to break out into the browser itself."

86 comments

  1. 'bout time! by Anonymous Coward · · Score: 2, Insightful

    Its about damn time they did this for Firefox. I don't know how many times Flash has caused my browser to crash and I couldn't do anything about it. I love how in Chrome only the Flash player dies and not the browser.

    1. Re:'bout time! by jjjhs · · Score: 5, Informative

      They isolated plugins (incl Flash and Silverlight) from crashing the browser a long time ago. Version 3.6 or something.

    2. Re:'bout time! by __1200333 · · Score: 5, Informative

      Switching from on-board to usb audio on windows 7 reliably hangs flash for me.

      However, you CAN do something about it! Find the right plugin-container.exe process (usually easy because it's the one taking hundreds of megabytes) and kill it. Firefox will now resume and give you the "your plugin has crashed" screen wherever flash was embedded previously.

    3. Re:'bout time! by icebike · · Score: 3, Interesting

      Chrome Already sandboxes Flash, but only if you turn it on, and only in the DEV branch (Version 17 is current dev version as of this writing).

      You can turn it on as explained here: https://plus.google.com/u/0/116560594978217291380/posts/CJvbAMkBiNf

      --
      Sig Battery depleted. Reverting to safe mode.
    4. Re:'bout time! by Anonymous Coward · · Score: 0

      They isolated plugins (incl Flash and Silverlight) from crashing the browser a long time ago. Version 3.6 or something.

      True, the whole browser no longer crashes. But it does stop responding for about 30 seconds every time Flash crashes. Unfortunately, it crashes quite a bit more often than it should - about twice a week at least on my work machine. It would be great if they ran it on a different thread or didn't need to sync the thread so tightly or whatever it is they are doing that makes it freeze the entire browser. It comes back to life after a bit and even prompts you to report that Flash crashed.

    5. Re:'bout time! by Anonymous Coward · · Score: 0

      True, the whole browser no longer crashes. But it does stop responding for about 30 seconds every time Flash crashes. Unfortunately, it crashes quite a bit more often than it should - about twice a week at least on my work machine. It would be great if they ran it on a different thread or didn't need to sync the thread so tightly or whatever it is they are doing that makes it freeze the entire browser. It comes back to life after a bit and even prompts you to report that Flash crashed.

      Are you sure that Flash is actually crashing there?

      If you open the task manager whilst a flash applet is running in Firefox, you'll see plugin-container.exe which is the hosting process for Flash. It sounds like Firefox is notifying Flash about something (redraw, click, scroll, whatever) and Flash is malfunctioning (100% CPU usage) causing Firefox to wait (If it's a redraw that was sent then the UI is going to lock until the draw completes) but Flash eventually eats too much RAM or does something stupid and crashes [after about 30 seconds]. Alternatively, Firefox might just be giving up and force-closing Flash after 30secs which is far too long, you should probably file a bug.

    6. Re:'bout time! by Anonymous Coward · · Score: 2, Informative

      Open about:config
      Search for "dom.ipc.plugins.timeoutSecs"
      Change it (from 45!) to 10 or 5.

      This should (hopefully) force Flash to crash faster, be careful if the PC is really slow though as clicking buttons that cause some sort of slow calculation to happen may crash the applet on you.

    7. Re:'bout time! by Anonymous Coward · · Score: 0

      You mean Chrome? Yes.

    8. Re:'bout time! by Justin_Schuh · · Score: 4, Informative

      Actually, Flash has been sandboxed in Chrome for about a year, but it's not fully sandboxed. To explain, the Chrome sandbox architecture supports five levels on Windows. Chrome's web content and its native PDF reader run at USER_LOCKDOWN and JOB_LOCKDOWN (level 5), which means a deny-only token. Right now Chrome's Flash sandbox runs at USER_INTERACTIVE (level 2) plus low-integrity level (just a bit better than IE's sandbox). However, we've been working for almost two years on a version of Flash that runs in as strong a sandbox as native Chrome content. My post was explaining how to test an alpha release of that improved Flash sandbox.

    9. Re:'bout time! by makomk · · Score: 1

      Also, that isn't going to work for Chromium because it requires the custom version of Flash that comes with Google Chrome, and there's no way to obtain and install that custom Flash plugin if you're a Chromium user - you have to download the none-Chrome version of Flash from Adobe, though chances are if you use Windows and aren't paying close attention that'll try and install Google Chrome too!

      In fact, I'm not sure that Chromium can sandbox the Flash plugin at all.

  2. Here's my hope. by Moryath · · Score: 4, Insightful

    Maybe sandboxing the damn flash player will stop it from periodically causing Firefox to hang for 30 seconds or so thanks to some damn ugly "full motion video" ad that's trying to load up?

    I'd love to see a ban on FMV ads. Double for FMV ads that start themselves automatically, and quadruple for those fucking ads that blast audio after doing so.

    1. Re:Here's my hope. by Anonymous Coward · · Score: 0

      That's in Chrome too so I doubt this will fix that.

    2. Re:Here's my hope. by Galestar · · Score: 5, Informative

      I'd love to see a ban on FMV ads...

      Install FlashBlock

      --
      AccountKiller
    3. Re:Here's my hope. by Hatta · · Score: 5, Informative

      Why are you not using NoScript?

      --
      Give me Classic Slashdot or give me death!
    4. Re:Here's my hope. by MetalliQaZ · · Score: 0

      Seconded.

      --
      "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
    5. Re:Here's my hope. by Anonymous Coward · · Score: 0

      TFA seems to be talking about Windows-only software. So no hope of being able to run a version of Flash that won't keep crashing Konqueror?

    6. Re:Here's my hope. by Microlith · · Score: 1

      Even with NoScript, you're always at risk of Flash hanging Firefox if you permit it to load. I'm not one to be patient with Flash so in such cases I kill the plugin-container and Firefox comes right back (seriously, Flash is the SOLE source of Firefox hangs for me.)

      What I'd like to see is Mozilla set up interactions with the plugin-container to be asynchronous so that the main Firefox thread doesn't hang when Flash kills the container. Until then, you can set dom.ipc.plugins.enabled.timeoutSecs to some super low value to keep Flash in line and minimize Firefox downtime. My preference is one second.

    7. Re:Here's my hope. by cshay · · Score: 1

      ...and flashblock.

    8. Re:Here's my hope. by Anonymous Coward · · Score: 1

      You permit "full motion video" ads to run? Damn, that's stupid. Here's how ya do it, ace. Use noscript + adblock and you'll hardly ever see anything you weren't expecting to see.

    9. Re:Here's my hope. by 1800maxim · · Score: 2, Informative

      Because it breaks the browsing experience on just about every site out there, and manually having to white-list each site is a painful process that's a usability nightmare.

    10. Re:Here's my hope. by cmarkn · · Score: 3, Insightful

      Yes, because clicking once for each domain that provides scripts to the site, the first time you visit it, is such a nightmare.

      --
      People should not fear their government. Governments should fear their people.
    11. Re:Here's my hope. by Yvan256 · · Score: 2

      Here's an easy solution: remove Flash from your system.

    12. Re:Here's my hope. by Anonymous Coward · · Score: 1

      Anyone who thinks "browsing experience" is a legitimate phrase should not be listened to.

    13. Re:Here's my hope. by Hatta · · Score: 4, Interesting

      Funny how my mac using artist girlfriend has no problems whatsoever with that "usability nightmare". Since she discovered it (on her own, no software evangelism in this household), she regularly comments on how awful the internet is when she has to use it without NoScript. THAT is the real usability nightmare.

      --
      Give me Classic Slashdot or give me death!
    14. Re:Here's my hope. by Endo13 · · Score: 1

      The ones that piss me off the most are the ones on NFL.com pages for live games that play in the same window the game updates will be displayed in. You can't block them, because if you do you won't get what you're on the page for. You can't mute the audio, and nevermind skipping the fucking ad. I've almost quit using the site entirely because of it.

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    15. Re:Here's my hope. by icebraining · · Score: 1

      NoScript blocks Flash, there's no point in having the two installed.

      --
      Dilbert RSS feed
    16. Re:Here's my hope. by coxymla · · Score: 1

      FlashBlock keeps the web usable unlike NoScript. If you have to install just one it's a far better option.

    17. Re:Here's my hope. by Anonymous Coward · · Score: 0

      Why are you not using NoScript?

      An even better question is "Why are you still using Flash player in the first place ?"

    18. Re:Here's my hope. by PReDiToR · · Score: 1

      FlashBlock and NoScript are both important to me.
      Cover from XSS and clickjacking are as important if not more so than the damn audible and visual annoyance that is Flash.

      I wouldn't say the Internet was worth using without NoScript, AdBlock Plus, FlashBlock, HTTPS Everywhere and Password Hasher.
      This is why I stick with Firefox, even though I know it has problems. Running it in SandBoxie is a must for me on Windows.br

      --

      Do not meddle in the affairs of geeks for they are subtle and quick to anger
    19. Re:Here's my hope. by zoloto · · Score: 1

      Dont' forget request policy.

    20. Re:Here's my hope. by zoloto · · Score: 1

      Exactly. I uninstalled flash/java/silverlight/etc plugins all the time for people and they praise me for how fast everything loads now.

    21. Re:Here's my hope. by icebraining · · Score: 1

      But NoScript already blocks Flash (and all other plugins), why install both?

      --
      Dilbert RSS feed
    22. Re:Here's my hope. by evilviper · · Score: 1

      it breaks the browsing experience on just about every site out there

      If "the browsing experience" is a euphemism for "full-screen ad overlays you have to click through" and "crap popping up when you incidentally mouse over a random word" then I'm happy to break it...

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    23. Re:Here's my hope. by MagusSlurpy · · Score: 1

      No, it's a euphemism for things like CAPTCHA boxes, UBB shortcut windows, and lots of login scripts on sites that have comment systems, possibly even the one you're using now. I just stick with AdBlock and Flashblock, and I'm perfectly happy with my experience.

      --
      My sister opened a computer store in Hawaii. She sells C shells by the seashore.
    24. Re:Here's my hope. by Anonymous Coward · · Score: 0

      Flashblock offers more control.

      With noscript you have to allow at least the current domain for most sites because they won't work without Javascript. Unfortunately that also allows Flash to run. If you add Flashblock, you can still control every single Flash-applet you want to run, e.g. only run the video player and not the ads, tracking bugs and other unwanted junk.

    25. Re:Here's my hope. by Inda · · Score: 2

      Give the man a break.

      I tried NoScript for a week and had to give up. When a site is loading 20 JS includes, how do you know which ones to allow for functionallity, and which ones are trackers and ad-servers?

      Block them all!

      Only you can't block them all as that often blocks content. That was probably the final straw for me - the blocked content - Google showed me a page I needed, and yet after loading the page, only the H1 headers were displayed, as the rest was generated by JS. That fails the "Dad test" every time.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
    26. Re:Here's my hope. by PReDiToR · · Score: 1

      Sometimes I want to enable scripts on a page without enabling Flash.
      Some dickheads use Flash for their menus, which can be enabled separately from the ads and videos if the site is important enough to stay on.

      --

      Do not meddle in the affairs of geeks for they are subtle and quick to anger
    27. Re:Here's my hope. by Tim+C · · Score: 2

      That fixes it for him. Banning FMV ads fixes it for everyone.

      --
      It's official. Most of you are morons.
    28. Re:Here's my hope. by drinkypoo · · Score: 1

      Everyone can install flashblock. Or better yet, noscript, which also flashblocks.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    29. Re:Here's my hope. by JDG1980 · · Score: 2

      Why are you not using NoScript?

      Can't answer on his behalf, but I don't use NoScript because it breaks virtually every site on the Web by default.

    30. Re:Here's my hope. by Anonymous Coward · · Score: 0

      When a site is loading 20 JS includes it's a sign you should not be using that site. It's abusive and exploitive behavior on the part of the site owners. They're just trying to load as much ad and behavior analysis garbage on you as they can to make a buck.

      I don't know why the fuck anyone thinks it acceptable to load and execute any kind of code from 20+ un-vetted random URLS. I don't care how fucking secure you think your browser is. Attack surface is attack surface.

      Furthermore, I consider Ablock+ security software, not ad avoiding software. Ad vendors have proven they can't be trusted. The sleazy ones sell ads to malware spreaders. The lazy ones let their ad networks become vectors. The 'legit' ones are only slightly better, content to sell space to technically legal scams.

  3. Whitelist by sakdoctor · · Score: 4, Insightful

    The whitelist for flash is in the single digits. Most sites don't need that privilege.
    Youtube, a couple of porn sites ... that's about it really.

    1. Re:Whitelist by zoloto · · Score: 1

      you never need flash with the appropriate plugins such as "click to plugin" always loading the video directly in a similar manner to direct video embedding does. The only benefit to flash is for sites like youtube that have and utilize flash advertisements before videos.

  4. We should all... by Anonymous Coward · · Score: 1

    Look forward to the requisite performance drop and novel new glitches. Yay.

  5. Half Way There by rsmith-mac · · Score: 3, Insightful

    Considering Flash's extensive use as an attack vector this is great news. I would sleep better at night though if Firefox itself was also sandboxed; in fact I'm a bit surprised you can even sandbox Flash when the browser doesn't support it.

    1. Re:Half Way There by MetalliQaZ · · Score: 1

      Considering Flash's extensive use as an attack vector this is great news. I would sleep better at night though if Firefox itself was also sandboxed; in fact I'm a bit surprised you can even sandbox Flash when the browser doesn't support it.

      What happens when a user wants to download a file (on purpose) to their home directory when the entire browser is sandboxed?

      --
      "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
    2. Re:Half Way There by godrik · · Score: 2

      Personnally, I run firefox using a separate user account which has read permission only where it needs. (for instance, no /etc and no /home except /etc/iceweasel and /home/firefox obvisouly)

    3. Re:Half Way There by icebraining · · Score: 2

      A sandbox can permit saving files to a single specific directory while still denying access to any other directory.

      --
      Dilbert RSS feed
    4. Re:Half Way There by icebraining · · Score: 1

      Yeap. Using sudo it's very easy to set that up.

      --
      Dilbert RSS feed
    5. Re:Half Way There by PReDiToR · · Score: 2

      If you use Windows give Sandboxie a look over.
      When a file is downloaded you can recover to the directory the browser specifies or choose another location. Leaving it inside the sandbox and running it there (keygen, trial install) gives you the opportunity to remove the whole install if it contains malware, foistware or other crap you don't want.

      --

      Do not meddle in the affairs of geeks for they are subtle and quick to anger
    6. Re:Half Way There by Anonymous Coward · · Score: 0

      I was going to write a comment to say "wait doesn't that give superuser privileges?" But then I remembered that you can sudo to any account on the machine. I wonder how many people know that you can do that or remember it as a possible solution when presented with a problem. I sure don't and I bet my employer is glad I'm not their IT professional (of course, now I wonder if he does).

    7. Re:Half Way There by Anonymous Coward · · Score: 0

      +1 for Sandboxie. There are a lot of other ways to run apps in a VM or sandbox but Sandboxie is pretty convenient. Neat tool to run any application in a sandbox. Also adds some degree of control over apps like internet access and so on.

      I mainly use it to install programs I don't want to muck up my system (demos, apps I only need once or software from untrustworthy sources ... not that I'd ever download anything like that *cough*).

  6. sorry adobe, by nimbius · · Score: 5, Funny

    the problem with flash security and flash in general is your corporate culture, as is evidenced by consistent prior refusals to patch egregious bugs.

    consider HTML5. I personally liken it to a high caliber rifle in the face of your diseased and crippled cash cow.
    so long, and please dont hesitate to continue pedaling the rest of your product line straight into the ground and hell beyond with the same toxic mismanagement as flash. We here on the internet will gladly engineer the future at your expense, until your corporate office is nothing more than the 21st century equivalent of bleached bones rotting in the noon-day sun, vultured by contractors and languishing at the precipice of bankruptcy.

    --
    Good people go to bed earlier.
    1. Re:sorry adobe, by Anonymous Coward · · Score: 0

      Flash is:
      1. a large piece of software written in C, which pretty much guarantees it will contain security flaws (almost nobody has the obsessive attention to detail necessary to write secure code in a language that doesn't protect against overwriting arbitrary memory)
      2. popular enough to give people motivation to discover said security flaws

      Think you could do any better under those conditions?

    2. Re:sorry adobe, by Anonymous Coward · · Score: 0

      That's not the problem, Adobe's refusal to patch discovered flaws in a timely fashion is.

    3. Re:sorry adobe, by Anonymous Coward · · Score: 0

      he's not saying he can do any better. what he's saying is that he is an html5 advocate.

      there are precious few of them around these days as most have drifted away, probably to some other lost cause. what you're left with are those that are so consumed with blind faith that they will never face facts.

    4. Re:sorry adobe, by hobarrera · · Score: 1

      Wrong, wrong, wrong.
      OpenSSH, the OpenBSD kernel, and other extremely secure pieces of software are written in C, and are extremely safe. All the securest pieces of software I can think about, are in C or C++.

      Flash is unstable and insecure because Adobe is lazy and doesn't care about fixing it (it is too incompetet to do so), and doesn't die just because people and websites keep using it.

  7. A third layer of sandboxing? by Anonymous Coward · · Score: 1

    First there's the NPAPI, then there's plugin-container, and now there's another layer?

    1. Re:A third layer of sandboxing? by icebraining · · Score: 3, Informative

      NPAPI is just an API, not a sandbox. plugin-container just prevents flash from taking the browser with it when it crashes randomly, it doesn't protect anything from malicious code.

      --
      Dilbert RSS feed
  8. Project Codename: Sieve by CyberDog3K · · Score: 5, Funny

    Yes, let's all rely on Adobe, the company who wrote one of the planet's least secure multimedia delivery platforms in history, to save us from their own software. I'm sure the sandbox will be stable and secure and in no way, shape, or form, completely useless and awful.

    1. Re:Project Codename: Sieve by Anonymous Coward · · Score: 1

      They bought Flash when they acquired Macromedia. They just made it much worse.

    2. Re:Project Codename: Sieve by Anonymous Coward · · Score: 0

      Don't forget maintainable and quickly portable to a variety of platforms!

    3. Re:Project Codename: Sieve by Anonymous Coward · · Score: 0

      And tons of features were added and are still being added that HTML5 won't do... Most of which will not appear until HTML 7 or 8. Sorry to inconvenience you.

    4. Re:Project Codename: Sieve by Anomalyst · · Score: 2

      I cant imagine any of these "features" would have any possible positive aspect for me when using a browser.
      At best they are trivial convenience stuff to assist the marketdroids to present the sheeple with their "vision".
      I DONT want marketing dweebs running poorly concieved and even more poorly implemented code on my machine, no matter how well sandboxed.
      NoScript and Adblock FTW.

      --
      There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
    5. Re:Project Codename: Sieve by Johann+Lau · · Score: 1

      name the features.

    6. Re:Project Codename: Sieve by Anonymous Coward · · Score: 0

      sad thing is the chances are you've got your mouthparts locked around steve job's rotting pecker.

      when will you cocksuckers give it up!!! the dood's been dead for quite a while.

    7. Re:Project Codename: Sieve by twokay · · Score: 1

      Indeed, the Sandbox mode in Adobe Reader X is a PITA. It plays havoc with anti-virus and i have seen workstations with no anti-virus installed refuse to open .pdf docs until it is disabled.

      I still leave it on by default here, but thats the first thing to check when anyone complains their pdf file wont open.

      --
      Wannabe nerd.
  9. Such Shit, We have to Box it and pray by Anonymous Coward · · Score: 0

    Better hope pandora's box v666 has good wood and nails on the lid.

  10. Ad Block? by antdude · · Score: 1

    Come on, ad block!!

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  11. I look forward to using this... by Anonymous Coward · · Score: 0

    ... in 2016 when it becomes available for Linux.

  12. Wow this is awesome! by stevenfuzz · · Score: 1

    Now if we could just get some updates on the next Realplayer release, and whether or not it will be sandboxed with AOL, I can comfortably enter 2005 on the bleeding edge.

  13. As says the wise man by Anonymous Coward · · Score: 0

    Too little, too late.

  14. Re:'bout time! - Ha! -don't need no stinking flash by Anonymous Coward · · Score: 0

    I went full linux (Linux Mint, and now using Cinnamon) as of a month and half ago. I installed flash at first, but it sucked so bad, I took it off. I have been flash free for at least 3 weeks now and I LOVE IT. You no longer _need_ flash to get everything you want online. Even Youtube works great without it now. :)

    (Note: I am a professional web developer for 13 years now, spent literally thousands of hours in flash development and animation and I teach flash at a local community college. I taught Director before that, and advised they dump it for more flash. Now it's time to start planning for a future without flash.)

  15. Firefox Dev Tools by This+is+my+user+name · · Score: 1

    Firefox is getting so torn between different developer platforms. They could cater to users of canvas, with their JS scratchpad, or they could appease flash users. Tough choice.

    --
    I am a 5th level dwarven warrior. I have shuriken.
  16. Its about time by PPH · · Score: 2

    My cat has been trying to bury Flash for years.

    --
    Have gnu, will travel.
  17. what about ie? by dirtyhippie · · Score: 1

    subject says it all, really. it's nice to have it for chrome and firefox, but where it's really needed is in ie.

  18. Nope by dutchwhizzman · · Score: 1

    They still crash the browser often enough. All FF did was kill plugins that were unresponsive for an X amount of time, but the didn't do any sandboxing or insulating.

    --
    I was promised a flying car. Where is my flying car?
    1. Re:Nope by Anonymous Coward · · Score: 0

      Um. They also run the plugin in a separate process...
      plugin-container.exe
      Since Firefox 3.6.4 actually.
      https://www.mozilla.org/en-US/firefox/3.6.4/releasenotes/

      There are still possibilities for crashes, but hell, Chromium crashes on me too, even with it having the complete process isolation that Firefox just rolled out last fall on mobile.

      Actually, on my particular hardware, Firefox seems to be far more stable and memory efficient, but that's unrelated to the plugin-container.exe thing

      This sandbox is just an added layer.

  19. cave paintings by dutchwhizzman · · Score: 1

    Cave paintings exist where they sandboxed flash. It's about time Adobe did the same....

    --
    I was promised a flying car. Where is my flying car?
  20. Does it run on linux? by Requiem18th · · Score: 1

    Seems like the most obvious question but does this run on Linux? Also, does Gnash, or any other free implementation of the flash plugin offer this too?

    --
    But... the future refused to change.
  21. sandboxie? by Anonymous Coward · · Score: 0

    http://www.sandboxie.com/

    Does this not work?

  22. Re:Just admit Apple was right. by hobarrera · · Score: 1

    Why is this downvoted? There's a very valid point being made here: flash needs to be dropped once and for all.