Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Browser

Coming to Firefox: Flash Player in a sandbox

Summary: Adobe says sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of writing effective exploits.

Ryan Naraine

By for Zero Day |

Adobe's Flash Player plugin that ships with the Firefox browser will soon be fitted with a sandbox as part of the company's ongoing attempt to keep malicious hackers at bay.

Adobe has launched a public beta of a new Flash Player sandbox (aka "Protected Mode") for Mozilla's flagship browser and the company expects to have a final version of the anti-exploit roadblock later this year.

According to Peleus Uhley, a researcher in Adobe's secure software engineering team, the design of the Firefox Flash sandbox is similar to the Protected Mode mitigation fitted into Adobe Reader X.

Uhley explains:

follow Ryan Naraine on twitter

Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation. Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7.

[ SEE: Ten little things to secure your online presence ]

Uhley said sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits.

Ever since Adobe Reader X unveiled its sandbox in November 2010, Adobe says it has "not seen a single successful exploit in the wild" against the newest version of that sofware.

"We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year," Uhley said.

Separately, Adobe security chief Brad Arkin says the company is moving to silent auto security updates for Flash Player "soon."

Topics: Browser, Enterprise Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion

  • Wait...

    Adobe's still investing in Flash???

    By all accounts...a little late re. "security investments". And a little confusing WRT the recent announcements of moving away from Flash and towards standard UI technologies.
    techboy_z
    Reply Vote

    • dsfdf

      China Wholesale Wholesale Clocks http://www.chinawholesaletown.com/wholesale-Memory-Card/ Clocks
      Wholesale Lighter Wholesale Stress Ball http://www.chinawholesaletown.com/wholesale-Water-Bottle/ Cap
      Wholesale Cap Wholesale Frisbee http://www.chinawholesaletown.com/wholesale-Glass/ USB Products
      Wholesale Cards Sport Support Products http://www.chinawholesaletown.com/wholesale-Helmet/ Speakers
      Wholesale Socks China Wholesale http://www.chinawholesaletown.com/wholesale-Tag---lable/ Entertainment Supplies
      Wholesale Belt Wholesale Pen http://www.chinawholesaletown.com/wholesale-Lunch-Box/ Health Care Products
      Wholesale Carabiner Wholesale Pedometer http://www.chinawholesaletown.com/wholesale-T-Shirts/ Coca Cola Gifts
      Patient Care Products Hair Products http://www.chinawholesaletown.com/wholesale-Stationery/ Keychain
      Wholesale Furniture Christmas Gifts http://www.chinawholesaletown.com/wholesale-Swimming/ Beauty Equipment
      Wholesale Fan Silicone Products http://www.chinawholesaletown.com/wholesale-Massager/ Swimming Products
      Wholesale Clocks Wholesale T-Shirts http://www.chinawholesaletown.com/wholesale-Carabiner/ Calendar
      Hair Products Automotive Products http://www.chinawholesaletown.com/wholesale-Glove/ Wallet
      Automotive Products Personal Safety Products http://www.chinawholesaletown.com/wholesale-Industrial-Supplies/ Compressed Products
      Wholesale Poncho Wholesale Stapler http://www.chinawholesaletown.com/wholesale-Calculator/ Medicine Instrument
      Men Beauty Care Safety Suppliers http://www.chinawholesaletown.com/wholesale-Men-Beauty-Care/ Safety Products
      Mouse Pad Wholesale Thermometer http://www.chinawholesaletown.com/wholesale-World-Cup-Horn-Vuvuzela/ Home Appliances
      Promotional Products Wholesale Badge http://www.chinawholesaletown.com/wholesale-Inflatable/ Memory Card
      Wholesale Vase Manicure Set http://www.chinawholesaletown.com/wholesale-Cards/ Hardware Tools
      Wholesale Pin Wholesale Calendar http://www.chinawholesaletown.com/wholesale-Badge---Pin/ Keyboard
      Reflective Safety Vest Wholesale Pom Poms http://www.chinawholesaletown.com/wholesale-Ashtray/ Watch
      Wholesale Thermometer Poncho Raincoat http://www.chinawholesaletown.com/wholesale-Coaster/ Vocal Concert Products
      Writing Instrument Solar Products http://www.chinawholesaletown.com/wholesale-Manicure-Set/ Water Bottle
      Wholesale Scarf Wholesale Raincoat http://www.chinawholesaletown.com/wholesale-Watch/ Computer Accessories
      Industrial Supplies Wholesale Cap http://www.chinawholesaletown.com/wholesale-Voice-Recorder/ Business Gift
      Wholesale Bedding Baby Products Suppliers http://www.chinawholesaletown.com/wholesale-Cooler/ Cooler
      Cleaner Products Wedding Favors http://www.chinawholesaletown.com/wholesale-Wedding-Favors/ Bedding
      Solar Products Lady Beauty Care http://www.chinawholesaletown.com/wholesale-Mouse-Pad/ Mat
      Wholesale Pom Poms Lighting Products http://www.chinawholesaletown.com/wholesale-Magnifier/ Mp3
      Personal Safety Products Wholesale Playing Card http://www.chinawholesaletown.com/ Glove
      Arts Crafts Promotional Items http://www.chinawholesaletown.com/wholesale-Safety/ Apron
      Inflatable Products Wholesale Keychain http://www.chinawholesaletown.com/wholesale-Scarf/ iPod iPhone
      Advertising Material Wholesale Camera http://www.chinawholesaletown.com/wholesale-Arts-Crafts/ Electroluminescent
      China Wholesale Wholesale Clothing http://www.chinawholesaletown.com/wholesale-Electroluminescent/ Advertising Material
      Recorder Pen Promotional Gifts http://www.chinawholesaletown.com/wholesale-Cleaner/ Coaster
      Wholesale Flag Wholesale Binoculars http://www.chinawholesaletown.com/wholesale-Business-Gift/ China Wholesale
      Wholesale Watch Wholesale Poncho http://www.chinawholesaletown.com/wholesale-Lighter/ Cup
      Wholesale Wallet Writing Instrument http://www.chinawholesaletown.com/ Baby Products Suppliers
      jywhy888
      Reply Vote

  • Hope there will be a 64 bits version too

    and low resource consumption.
    RelaxWalk
    Reply Vote

    • Doubt it ....

      @RelaxWalk .... The fastest way to drain a battery on any laptop (or Android device) is using Flash.
      wackoae
      Reply Vote

  • RE: Coming to Firefox: Flash Player in a sandbox

    The problem with Flash being in a sandbox is Flash dumps so many cat turds that the box will quickly fill up and crash.
    gribittmep
    Reply Vote

    • You've obviously never heard of ...

      @gribittmep .. Sandboxie

      According to Uhley:

      [i]" ... Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation. Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7. "[/i]

      ...hmmmmm, sounds uncannily alot, to me, like what Sandboxie has done for me for the last 4 years. Difference is, with Sandboxie i get to discard all contents after a sandboxed, browsing session. Add to that, that I also get to run any app', i so please, in a sandbox ... you can't do that with a browser-specific sandbox. ;)

      But don't take my word for it. Try it .. you'll fly it! :D

      http://www.sandboxie.com/
      thx-1138_
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close