Sandboxed Flash Player Coming To Firefox

← Back to Stories (view on slashdot.org)

Sandboxed Flash Player Coming To Firefox

Posted by Soulskill on Monday February 6, 2012 @09:55AM from the box-in-the-fox dept.

Trailrunner7 writes "Adobe, which has spent the last few years trying to dig out of a deep hole of vulnerabilities and buggy code, is making a major change to Flash, adding a sandbox to the version of the player that runs in Firefox. The sandbox is designed to prevent many common exploit techniques against Flash. The move by Adobe comes roughly a year after the company added a sandbox to Flash for Google Chrome. Flash, which is perhaps the most widely deployed piece of software on the Internet, has been a common attack vector for several years now, and the attacks in some cases have been used to get around exploit mitigations added by the browser vendors. The sandbox is designed to prevent many of these attacks by not allowing exploits against Flash to break out into the browser itself."

59 of 86 comments (clear)

Min score:

Reason:

Sort:

'bout time! by Anonymous Coward · 2012-02-06 09:59 · Score: 2, Insightful

Its about damn time they did this for Firefox. I don't know how many times Flash has caused my browser to crash and I couldn't do anything about it. I love how in Chrome only the Flash player dies and not the browser.
1. Re:'bout time! by jjjhs · 2012-02-06 10:16 · Score: 5, Informative
  
  They isolated plugins (incl Flash and Silverlight) from crashing the browser a long time ago. Version 3.6 or something.
2. Re:'bout time! by __1200333 · 2012-02-06 10:37 · Score: 5, Informative
  
  Switching from on-board to usb audio on windows 7 reliably hangs flash for me.
  However, you CAN do something about it! Find the right plugin-container.exe process (usually easy because it's the one taking hundreds of megabytes) and kill it. Firefox will now resume and give you the "your plugin has crashed" screen wherever flash was embedded previously.
3. Re:'bout time! by icebike · 2012-02-06 11:07 · Score: 3, Interesting
  
  Chrome Already sandboxes Flash, but only if you turn it on, and only in the DEV branch (Version 17 is current dev version as of this writing).
  You can turn it on as explained here: https://plus.google.com/u/0/116560594978217291380/posts/CJvbAMkBiNf
  
  --
  Sig Battery depleted. Reverting to safe mode.
4. Re:'bout time! by Anonymous Coward · 2012-02-06 14:19 · Score: 2, Informative
  
  Open about:config
  Search for "dom.ipc.plugins.timeoutSecs"
  Change it (from 45!) to 10 or 5.
  This should (hopefully) force Flash to crash faster, be careful if the PC is really slow though as clicking buttons that cause some sort of slow calculation to happen may crash the applet on you.
5. Re:'bout time! by Justin_Schuh · 2012-02-06 17:21 · Score: 4, Informative
  
  Actually, Flash has been sandboxed in Chrome for about a year, but it's not fully sandboxed. To explain, the Chrome sandbox architecture supports five levels on Windows. Chrome's web content and its native PDF reader run at USER_LOCKDOWN and JOB_LOCKDOWN (level 5), which means a deny-only token. Right now Chrome's Flash sandbox runs at USER_INTERACTIVE (level 2) plus low-integrity level (just a bit better than IE's sandbox). However, we've been working for almost two years on a version of Flash that runs in as strong a sandbox as native Chrome content. My post was explaining how to test an alpha release of that improved Flash sandbox.
6. Re:'bout time! by makomk · 2012-02-06 22:59 · Score: 1
  
  Also, that isn't going to work for Chromium because it requires the custom version of Flash that comes with Google Chrome, and there's no way to obtain and install that custom Flash plugin if you're a Chromium user - you have to download the none-Chrome version of Flash from Adobe, though chances are if you use Windows and aren't paying close attention that'll try and install Google Chrome too!
  In fact, I'm not sure that Chromium can sandbox the Flash plugin at all.
Here's my hope. by Moryath · 2012-02-06 10:00 · Score: 4, Insightful

Maybe sandboxing the damn flash player will stop it from periodically causing Firefox to hang for 30 seconds or so thanks to some damn ugly "full motion video" ad that's trying to load up?
I'd love to see a ban on FMV ads. Double for FMV ads that start themselves automatically, and quadruple for those fucking ads that blast audio after doing so.
1. Re:Here's my hope. by Galestar · 2012-02-06 10:04 · Score: 5, Informative
  
  I'd love to see a ban on FMV ads...
  Install FlashBlock
  
  --
  AccountKiller
2. Re:Here's my hope. by Hatta · 2012-02-06 10:07 · Score: 5, Informative
  
  Why are you not using NoScript?
  
  --
  Give me Classic Slashdot or give me death!
3. Re:Here's my hope. by Microlith · 2012-02-06 10:24 · Score: 1
  
  Even with NoScript, you're always at risk of Flash hanging Firefox if you permit it to load. I'm not one to be patient with Flash so in such cases I kill the plugin-container and Firefox comes right back (seriously, Flash is the SOLE source of Firefox hangs for me.)
  What I'd like to see is Mozilla set up interactions with the plugin-container to be asynchronous so that the main Firefox thread doesn't hang when Flash kills the container. Until then, you can set dom.ipc.plugins.enabled.timeoutSecs to some super low value to keep Flash in line and minimize Firefox downtime. My preference is one second.
4. Re:Here's my hope. by cshay · 2012-02-06 10:31 · Score: 1
  
  ...and flashblock.
5. Re:Here's my hope. by Anonymous Coward · 2012-02-06 10:37 · Score: 1
  
  You permit "full motion video" ads to run? Damn, that's stupid. Here's how ya do it, ace. Use noscript + adblock and you'll hardly ever see anything you weren't expecting to see.
6. Re:Here's my hope. by 1800maxim · 2012-02-06 10:41 · Score: 2, Informative
  
  Because it breaks the browsing experience on just about every site out there, and manually having to white-list each site is a painful process that's a usability nightmare.
7. Re:Here's my hope. by cmarkn · 2012-02-06 10:53 · Score: 3, Insightful
  
  Yes, because clicking once for each domain that provides scripts to the site, the first time you visit it, is such a nightmare.
  
  --
  People should not fear their government. Governments should fear their people.
8. Re:Here's my hope. by Yvan256 · 2012-02-06 10:55 · Score: 2
  
  Here's an easy solution: remove Flash from your system.
9. Re:Here's my hope. by Anonymous Coward · 2012-02-06 10:57 · Score: 1
  
  Anyone who thinks "browsing experience" is a legitimate phrase should not be listened to.
10. Re:Here's my hope. by Hatta · 2012-02-06 10:59 · Score: 4, Interesting
  
  Funny how my mac using artist girlfriend has no problems whatsoever with that "usability nightmare". Since she discovered it (on her own, no software evangelism in this household), she regularly comments on how awful the internet is when she has to use it without NoScript. THAT is the real usability nightmare.
  
  --
  Give me Classic Slashdot or give me death!
11. Re:Here's my hope. by Endo13 · 2012-02-06 11:09 · Score: 1
  
  The ones that piss me off the most are the ones on NFL.com pages for live games that play in the same window the game updates will be displayed in. You can't block them, because if you do you won't get what you're on the page for. You can't mute the audio, and nevermind skipping the fucking ad. I've almost quit using the site entirely because of it.
  
  --
  There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
12. Re:Here's my hope. by icebraining · 2012-02-06 11:50 · Score: 1
  
  NoScript blocks Flash, there's no point in having the two installed.
  
  --
  Dilbert RSS feed
13. Re:Here's my hope. by coxymla · 2012-02-06 12:35 · Score: 1
  
  FlashBlock keeps the web usable unlike NoScript. If you have to install just one it's a far better option.
14. Re:Here's my hope. by PReDiToR · 2012-02-06 13:11 · Score: 1
  
  FlashBlock and NoScript are both important to me.
  Cover from XSS and clickjacking are as important if not more so than the damn audible and visual annoyance that is Flash.
  
  I wouldn't say the Internet was worth using without NoScript, AdBlock Plus, FlashBlock, HTTPS Everywhere and Password Hasher.
  This is why I stick with Firefox, even though I know it has problems. Running it in SandBoxie is a must for me on Windows.br
  
  --
  
  Do not meddle in the affairs of geeks for they are subtle and quick to anger
15. Re:Here's my hope. by zoloto · 2012-02-06 15:19 · Score: 1
  
  Dont' forget request policy.
16. Re:Here's my hope. by zoloto · 2012-02-06 15:21 · Score: 1
  
  Exactly. I uninstalled flash/java/silverlight/etc plugins all the time for people and they praise me for how fast everything loads now.
17. Re:Here's my hope. by icebraining · 2012-02-06 15:32 · Score: 1
  
  But NoScript already blocks Flash (and all other plugins), why install both?
  
  --
  Dilbert RSS feed
18. Re:Here's my hope. by evilviper · 2012-02-06 19:10 · Score: 1
  
  it breaks the browsing experience on just about every site out there
  If "the browsing experience" is a euphemism for "full-screen ad overlays you have to click through" and "crap popping up when you incidentally mouse over a random word" then I'm happy to break it...
  
  --
  Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
19. Re:Here's my hope. by MagusSlurpy · 2012-02-06 20:59 · Score: 1
  
  No, it's a euphemism for things like CAPTCHA boxes, UBB shortcut windows, and lots of login scripts on sites that have comment systems, possibly even the one you're using now. I just stick with AdBlock and Flashblock, and I'm perfectly happy with my experience.
  
  --
  My sister opened a computer store in Hawaii. She sells C shells by the seashore.
20. Re:Here's my hope. by Inda · 2012-02-06 22:44 · Score: 2
  
  Give the man a break.
  
  I tried NoScript for a week and had to give up. When a site is loading 20 JS includes, how do you know which ones to allow for functionallity, and which ones are trackers and ad-servers?
  
  Block them all!
  
  Only you can't block them all as that often blocks content. That was probably the final straw for me - the blocked content - Google showed me a page I needed, and yet after loading the page, only the H1 headers were displayed, as the rest was generated by JS. That fails the "Dad test" every time.
  
  --
  This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
21. Re:Here's my hope. by PReDiToR · 2012-02-06 23:38 · Score: 1
  
  Sometimes I want to enable scripts on a page without enabling Flash.
  Some dickheads use Flash for their menus, which can be enabled separately from the ads and videos if the site is important enough to stay on.
  
  --
  
  Do not meddle in the affairs of geeks for they are subtle and quick to anger
22. Re:Here's my hope. by Tim+C · 2012-02-07 01:13 · Score: 2
  
  That fixes it for him. Banning FMV ads fixes it for everyone.
  
  --
  It's official. Most of you are morons.
23. Re:Here's my hope. by drinkypoo · 2012-02-07 01:43 · Score: 1
  
  Everyone can install flashblock. Or better yet, noscript, which also flashblocks.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
24. Re:Here's my hope. by JDG1980 · 2012-02-07 02:28 · Score: 2
  
  Why are you not using NoScript?
  Can't answer on his behalf, but I don't use NoScript because it breaks virtually every site on the Web by default.
Whitelist by sakdoctor · 2012-02-06 10:00 · Score: 4, Insightful

The whitelist for flash is in the single digits. Most sites don't need that privilege.
Youtube, a couple of porn sites ... that's about it really.
1. Re:Whitelist by zoloto · 2012-02-06 15:22 · Score: 1
  
  you never need flash with the appropriate plugins such as "click to plugin" always loading the video directly in a similar manner to direct video embedding does. The only benefit to flash is for sites like youtube that have and utilize flash advertisements before videos.
We should all... by Anonymous Coward · 2012-02-06 10:04 · Score: 1

Look forward to the requisite performance drop and novel new glitches. Yay.
Half Way There by rsmith-mac · 2012-02-06 10:08 · Score: 3, Insightful

Considering Flash's extensive use as an attack vector this is great news. I would sleep better at night though if Firefox itself was also sandboxed; in fact I'm a bit surprised you can even sandbox Flash when the browser doesn't support it.
1. Re:Half Way There by MetalliQaZ · 2012-02-06 10:12 · Score: 1
  
  Considering Flash's extensive use as an attack vector this is great news. I would sleep better at night though if Firefox itself was also sandboxed; in fact I'm a bit surprised you can even sandbox Flash when the browser doesn't support it.
  What happens when a user wants to download a file (on purpose) to their home directory when the entire browser is sandboxed?
  
  --
  "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
2. Re:Half Way There by godrik · 2012-02-06 10:27 · Score: 2
  
  Personnally, I run firefox using a separate user account which has read permission only where it needs. (for instance, no /etc and no /home except /etc/iceweasel and /home/firefox obvisouly)
3. Re:Half Way There by icebraining · 2012-02-06 11:53 · Score: 2
  
  A sandbox can permit saving files to a single specific directory while still denying access to any other directory.
  
  --
  Dilbert RSS feed
4. Re:Half Way There by icebraining · 2012-02-06 11:55 · Score: 1
  
  Yeap. Using sudo it's very easy to set that up.
  
  --
  Dilbert RSS feed
5. Re:Half Way There by PReDiToR · 2012-02-06 13:17 · Score: 2
  
  If you use Windows give Sandboxie a look over.
  When a file is downloaded you can recover to the directory the browser specifies or choose another location. Leaving it inside the sandbox and running it there (keygen, trial install) gives you the opportunity to remove the whole install if it contains malware, foistware or other crap you don't want.
  
  --
  
  Do not meddle in the affairs of geeks for they are subtle and quick to anger
sorry adobe, by nimbius · 2012-02-06 10:11 · Score: 5, Funny

the problem with flash security and flash in general is your corporate culture, as is evidenced by consistent prior refusals to patch egregious bugs.

consider HTML5. I personally liken it to a high caliber rifle in the face of your diseased and crippled cash cow.
so long, and please dont hesitate to continue pedaling the rest of your product line straight into the ground and hell beyond with the same toxic mismanagement as flash. We here on the internet will gladly engineer the future at your expense, until your corporate office is nothing more than the 21st century equivalent of bleached bones rotting in the noon-day sun, vultured by contractors and languishing at the precipice of bankruptcy.

--
Good people go to bed earlier.
1. Re:sorry adobe, by hobarrera · 2012-02-07 02:45 · Score: 1
  
  Wrong, wrong, wrong.
  OpenSSH, the OpenBSD kernel, and other extremely secure pieces of software are written in C, and are extremely safe. All the securest pieces of software I can think about, are in C or C++.
  Flash is unstable and insecure because Adobe is lazy and doesn't care about fixing it (it is too incompetet to do so), and doesn't die just because people and websites keep using it.
A third layer of sandboxing? by Anonymous Coward · 2012-02-06 10:11 · Score: 1

First there's the NPAPI, then there's plugin-container, and now there's another layer?
1. Re:A third layer of sandboxing? by icebraining · 2012-02-06 11:58 · Score: 3, Informative
  
  NPAPI is just an API, not a sandbox. plugin-container just prevents flash from taking the browser with it when it crashes randomly, it doesn't protect anything from malicious code.
  
  --
  Dilbert RSS feed
Project Codename: Sieve by CyberDog3K · 2012-02-06 10:15 · Score: 5, Funny

Yes, let's all rely on Adobe, the company who wrote one of the planet's least secure multimedia delivery platforms in history, to save us from their own software. I'm sure the sandbox will be stable and secure and in no way, shape, or form, completely useless and awful.
1. Re:Project Codename: Sieve by Anonymous Coward · 2012-02-06 10:21 · Score: 1
  
  They bought Flash when they acquired Macromedia. They just made it much worse.
2. Re:Project Codename: Sieve by Anomalyst · 2012-02-06 11:17 · Score: 2
  
  I cant imagine any of these "features" would have any possible positive aspect for me when using a browser.
  At best they are trivial convenience stuff to assist the marketdroids to present the sheeple with their "vision".
  I DONT want marketing dweebs running poorly concieved and even more poorly implemented code on my machine, no matter how well sandboxed.
  NoScript and Adblock FTW.
  
  --
  There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
3. Re:Project Codename: Sieve by Johann+Lau · 2012-02-06 11:38 · Score: 1
  
  name the features.
4. Re:Project Codename: Sieve by twokay · 2012-02-07 02:52 · Score: 1
  
  Indeed, the Sandbox mode in Adobe Reader X is a PITA. It plays havoc with anti-virus and i have seen workstations with no anti-virus installed refuse to open .pdf docs until it is disabled.
  
  I still leave it on by default here, but thats the first thing to check when anyone complains their pdf file wont open.
  
  --
  Wannabe nerd.
Ad Block? by antdude · 2012-02-06 11:02 · Score: 1

Come on, ad block!!

--
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Wow this is awesome! by stevenfuzz · 2012-02-06 11:43 · Score: 1

Now if we could just get some updates on the next Realplayer release, and whether or not it will be sandboxed with AOL, I can comfortably enter 2005 on the bleeding edge.
Firefox Dev Tools by This+is+my+user+name · 2012-02-06 13:20 · Score: 1

Firefox is getting so torn between different developer platforms. They could cater to users of canvas, with their JS scratchpad, or they could appease flash users. Tough choice.

--
I am a 5th level dwarven warrior. I have shuriken.
Its about time by PPH · 2012-02-06 13:34 · Score: 2

My cat has been trying to bury Flash for years.

--
Have gnu, will travel.
what about ie? by dirtyhippie · 2012-02-06 17:27 · Score: 1

subject says it all, really. it's nice to have it for chrome and firefox, but where it's really needed is in ie.
Nope by dutchwhizzman · 2012-02-06 18:02 · Score: 1

They still crash the browser often enough. All FF did was kill plugins that were unresponsive for an X amount of time, but the didn't do any sandboxing or insulating.

--
I was promised a flying car. Where is my flying car?
cave paintings by dutchwhizzman · 2012-02-06 18:04 · Score: 1

Cave paintings exist where they sandboxed flash. It's about time Adobe did the same....

--
I was promised a flying car. Where is my flying car?
Does it run on linux? by Requiem18th · 2012-02-06 18:35 · Score: 1

Seems like the most obvious question but does this run on Linux? Also, does Gnash, or any other free implementation of the flash plugin offer this too?

--
But... the future refused to change.
Re:Just admit Apple was right. by hobarrera · 2012-02-07 02:46 · Score: 1

Why is this downvoted? There's a very valid point being made here: flash needs to be dropped once and for all.