Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sandboxed Flash Player Coming To Firefox

Posted by Soulskill on from the box-in-the-fox dept.

Trailrunner7 writes "Adobe, which has spent the last few years trying to dig out of a deep hole of vulnerabilities and buggy code, is making a major change to Flash, adding a sandbox to the version of the player that runs in Firefox. The sandbox is designed to prevent many common exploit techniques against Flash. The move by Adobe comes roughly a year after the company added a sandbox to Flash for Google Chrome. Flash, which is perhaps the most widely deployed piece of software on the Internet, has been a common attack vector for several years now, and the attacks in some cases have been used to get around exploit mitigations added by the browser vendors. The sandbox is designed to prevent many of these attacks by not allowing exploits against Flash to break out into the browser itself."

5 of 86 comments (clear)

  1. Re:Here's my hope. by Galestar · · Score: 5, Informative

    I'd love to see a ban on FMV ads...

    Install FlashBlock

    --
    AccountKiller
  2. Re:Here's my hope. by Hatta · · Score: 5, Informative

    Why are you not using NoScript?

    --
    Give me Classic Slashdot or give me death!
  3. Re:'bout time! by jjjhs · · Score: 5, Informative

    They isolated plugins (incl Flash and Silverlight) from crashing the browser a long time ago. Version 3.6 or something.

  4. Re:'bout time! by __1200333 · · Score: 5, Informative

    Switching from on-board to usb audio on windows 7 reliably hangs flash for me.

    However, you CAN do something about it! Find the right plugin-container.exe process (usually easy because it's the one taking hundreds of megabytes) and kill it. Firefox will now resume and give you the "your plugin has crashed" screen wherever flash was embedded previously.

  5. Re:'bout time! by Justin_Schuh · · Score: 4, Informative

    Actually, Flash has been sandboxed in Chrome for about a year, but it's not fully sandboxed. To explain, the Chrome sandbox architecture supports five levels on Windows. Chrome's web content and its native PDF reader run at USER_LOCKDOWN and JOB_LOCKDOWN (level 5), which means a deny-only token. Right now Chrome's Flash sandbox runs at USER_INTERACTIVE (level 2) plus low-integrity level (just a bit better than IE's sandbox). However, we've been working for almost two years on a version of Flash that runs in as strong a sandbox as native Chrome content. My post was explaining how to test an alpha release of that improved Flash sandbox.