Coming to Firefox: Flash Player in a sandbox

Adobe says sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of writing effective exploits.

Adobe's Flash Player plugin that ships with the Firefox browser will soon be fitted with a sandbox as part of the company's ongoing attempt to keep malicious hackers at bay.

Adobe has launched a public beta of a new Flash Player sandbox (aka "Protected Mode") for Mozilla's flagship browser and the company expects to have a final version of the anti-exploit roadblock later this year.

According to Peleus Uhley, a researcher in Adobe's secure software engineering team, the design of the Firefox Flash sandbox is similar to the Protected Mode mitigation fitted into Adobe Reader X.

Uhley explains:

Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation. Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7.

Uhley said sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits.

Ever since Adobe Reader X unveiled its sandbox in November 2010, Adobe says it has "not seen a single successful exploit in the wild" against the newest version of that software.

"We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year," Uhley said.

Separately, Adobe security chief Brad Arkin says the company is moving to silent auto security updates for Flash Player "soon."
