Adobe puts Firefox Flash plugin in the sandbox

Adobe puts Firefox Flash plugin in the sandbox

Summary: Flash to become safer for Firefox users.

SHARE:

Good news everyone (well, at least for Firefox users)!

You might be able to live without Flash in your favorite iDevice, but on the PC you're likely to still be relying on this platform, which unfortunately is heavily targeted by hackers. The Adobe Flash plugin already runs in a sandbox mode in Microsoft's Internet Explorer and Google's Chrome browsers, and soon it will get the same treatment in Mozilla's Firefox browser as Adobe announces the first public beta of its new Flash Player sandbox for Firefox.

Running the plugin in a sandbox, otherwise known as protected mode, will potentially reduce the seriousness of any code vulnerabilities by isolating it from the system.

'Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits,' said Peleus Uhley, senior security researcher for Adobe.

'For example, since its launch in November 2010, we have not seen a single successful exploit in the wild against Adobe Reader X. We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year.'

I've been using the plugin for a few hours, and while I can't claim to have tested it thoroughly, it seems to work well and seems quite stable. I wouldn't use it on a mission-critical system, but it's certainly safe for testing.

The beta plugin will work with Firefox 4.0 or later versions running on Windows 7 or Vista.

Topics: Browser, Enterprise Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • Test

    test
    Dietrich T. Schmitz *Your
    • test

      @Dietrich T. Schmitz * Your Linux Advocate
      Dietrich T. Schmitz *Your
      • RE: Adobe puts Firefox Flash plugin in the sandbox

        @Dietrich T. Schmitz * Your Linux Advocate

        Dietrich looks like you haves two testes!
        gribittmep
  • RE: Adobe puts Firefox Flash plugin in the sandbox

    Followed the install instructions meticulously, but my RealPlayer couldn't interact with new FlashPlayer version at all, although it could see it. Ran through all the troubleshooting, etc....finally pulled it out and reinstalled my saved copy (thank god I kept it) of previous AdobeFlash 10 Active X. All is fine again.
    wetscott
  • RE: Adobe puts Firefox Flash plugin in the sandbox

    You report that Flash already runs in a sandboxed mode in IE, but Lucian Constantin of PCWorld reports, via a quote from Wiebke Lips (of Adobe), that IE does not, in fact, have sandboxing.
    http://www.pcworld.com/article/249393/adobe_launches_sandboxed_flash_player_for_firefox_hopes_for_fewer_exploits.html
    caspy7
    • RE: Adobe puts Firefox Flash plugin in the sandbox

      @caspy7 I was under that impression too. IE never ever ran any of its plugins sandboxed. Its protected mode is just for the browser itself. IE would have to go through a major engineer reworking to sandbox all its plugins. In fact, Chrome doesn't sandbox any of its plugins except Flash, and its a specialized flash made in conjunction with Adobe.
      Aliephe
  • RE: Adobe puts Firefox Flash plugin in the sandbox

    The problem with Flash's sandbox is it's full of cat turds.
    gribittmep
  • Flash

    Thanks Adobe for the Firfox plugin, but most sites I am visiting are already HTML5 aware. So no need to install this flash plug-in.
    Martmarty
  • RE: Adobe puts Firefox Flash plugin in the sandbox

    So.. the real question.. drum roll. does this also stop information leaks via those pesky flash cookies? If Flash is in the sandbox, then the cat ought to be able to bury the flash cookies.
    opcom
  • RE: Adobe puts Firefox Flash plugin in the sandbox

    Hm- maybe it will run just fine in Windows 8
    BlinkyComix