Flash Player sandbox available for Firefox

Flash Player sandbox available for Firefox

Summary: Adobe says the feature is comparable to the Flash Player Protected Mode in Google Chrome browser, Protected Mode in Adobe Reader, and Office 2010 Protected View.

SHARE:

Adobe is putting its Flash Player in a sandbox to keep malicious hackers at bay.

The ubiquitous Flash Player software, which is a big target for mass malware and targeted attacks, is being fitted with a Protected Mode component to limite the damage from attacks launched from rigged SWF files.

Threatpost reports that the current Flash Player 11.3 beta already contains Protected Mode for Firefox 4.0+ running on Windows Vista and higher.

Adobe says the feature is comparable to the Flash Player Protected Mode in Google Chrome browser, Protected Mode in Adobe Reader, and Office 2010 Protected View.

Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation.

Topics: Browser, Enterprise Software, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • Linux and Flash 11.3

    No 11.3 for Linux?
    Grayson Peddie
    • dunno about that

      ... but it sure looks like anyone who wants this feature - but happens to be running a FF 3.* version (like myself: 3.6.26) is sh!t outta luck.
      thx-1138_
      • Kubuntu 12.04

        I'm using Kubuntu 12.04 with the latest version of Firefox.
        Grayson Peddie
    • They Announced Linux Would Only Be Supported Through Pepper

      No, there won't be a regular plug-in of 11.3 for Linux. They announced a little while ago that 11.2 would be the last such version (although they said bugfixes for 11.2 would continue for a while). New versions of Flash for Linux will only be released as Pepper plug-ins, which are supported only in Chrome and Chromium at this point (but which may be supported in other browsers later).
      CFWhitman
  • Time to get rid of Flash once and for all

    This is just another band aid until the next exploit comes.

    I thought they were supposed to stop development on this? Getting smart and eventually abandoning Flash altogether?
    ScorpioBlack
    • Why get rid of a great technology?

      Flash is not dead, they are just abandoning updates on mobile devices. Which is good since mobile devices are really too small for Flash in the browser and mobile battery life is pretty low.

      Flash is an awesome technology that is on 99.7% of non-mobile internet connected computers. It has many uses which other languages cannot complete with. Why get rid of it because lots of programmers use it to do awful things? Sorry but that is a flawed suggestion.

      - Some people use guns to kill people so lets just abolish guns altogether? That is gonna get you a lot of friends in the USA...
      - Terroists flew planes in to the twin towers so lets just abolish air travel.
      - Most programs on TV are awful so why don't we just abolish TV altogether.
      You see - just because something isn't being used right, doesn't mean we should not have these things.

      Oh... and before you tell me Flash is no good at anything, have you seen Jim Carrey's site? http://www.jimcarrey.com/

      Come back to me when HTML5 or another technology can do something even CLOSE to that. I'm not holding my breath... HTML5 is DECADES away from being able to do that. Hell they can't even agree on a video standard...
      jan bLinQue
      • It's not great technology

        It's unnecessary eye-candy junk that bogs down webpage loading and is a prime attack vector for malware. Why do you think Flash blockers are so popular out there?

        Only advertisers and ADD flashboys addicted to eye candy benefit from Flash.

        The rest of your post is crap full of off-topic red herrings and an eye candy demonstration.

        I look forward to the eventual death of malware induced plug-ins like Flash. Long live HTLML5.
        ScorpioBlack