This week is quite an exciting one: Adobe has officially released a pre-release version of Flash Player for Firefox with a sandbox. The concept of a sandbox, or protected mode, has been around for many years, but it is fair to say that Google Chrome’s sandbox has helped make this concept better known among end-users. Another product that has successfully implemented a sandbox is Adobe Reader X: We have yet to hear about a case where an exploit was able to break out of the sandbox.
The fact that the Reader sandbox held up so far is a good indicator that the Flash Player version could hold up for some time as well. Let’s keep our fingers crossed. 
A sandbox is supposed to lock an application into a restricted space so that even if a vulnerability is found in the software, it cannot be exploited to do damage on the system. So if you were to visit a website that is hosting a malicious Flash file, it will not actually be able to break out of Flash Player’s sandbox and do damage to the system. Creating a sandbox is usually achieved by dropping the application to a low-integrity process. Being low-integrity, it can’t access the system in uncontrolled ways.
Peleus Uhley wrote some very interesting blog posts on sandboxing that go into a little more technical detail:
http://blogs.adobe.com/asset/2012/02/flash-player-sandboxing-is-coming-to-firefox.html
http://blogs.adobe.com/asset/2010/12/the-year-of-the-sandbox-isnt-over-yet.html
I encourage everyone to give the pre-release a shot and try the sandbox out for yourself. If you run into any issues with Protected Mode for Flash Player, please feel free to leave your feedback in the pre-release forums.
If you are a security researcher and you have feedback that is valuable to our security minded folks at Adobe, please use one of our security notification methods.
Comments
This is really exciting news, flash offers features i am interested in and can not be found in any other format.
Hi Bojan,
Thank you for your comment. It’s an exciting time for Flash Player, and there will be more good news coming on this blog soon! Stay tuned!
-Stephen
Pingback: Adobe Flash Player for Firefox gets a sandbox « Reader@w3bmast3r.com
Having trouble with my flashplayer for firefox. I can’t watch anything current. On Google chrome, I can watch everything. Is this being done on purpose, so that people would HAVE to go to Chrome or does my firefox not have the latest flashplayer? Thanks.
Hi Joanna,
Thanks for your report. Are you still experiencing this issue? If you do, could you please post to the Flash Player installation forums? That would be much appreciated.
Thanks!