Adobe Flash Player for Firefox gets a sandbox

This week is quite an exciting one: Adobe has officially released a pre-release version of Flash Player for Firefox with a sandbox. The concept of a sandbox, or protected mode, has been around for many years, but it is fair to say that Google Chrome’s sandbox has helped make this concept better known among end-users. Another product that has successfully implemented a sandbox is Adobe Reader X: We have yet to hear about a case where an exploit was able to break out of the sandbox.

The fact that the Reader sandbox held up so far is a good indicator that the Flash Player version could hold up for some time as well. Let’s keep our fingers crossed. Fingers crossedSmile

A sandbox is supposed to lock an application into a restricted space so that even if a vulnerability is found in the software, it cannot be exploited to do damage on the system. So if you were to visit a website that is hosting a malicious Flash file, it will not actually be able to break out of Flash Player’s sandbox and do damage to the system. Creating a sandbox is usually achieved by dropping the application to a low-integrity process. Being low-integrity, it can’t access the system in uncontrolled ways.

Peleus Uhley wrote some very interesting blog posts on sandboxing that go into a little more technical detail:

http://blogs.adobe.com/asset/2012/02/flash-player-sandboxing-is-coming-to-firefox.html

http://blogs.adobe.com/asset/2010/12/the-year-of-the-sandbox-isnt-over-yet.html

I encourage everyone to give the pre-release a shot and try the sandbox out for yourself. If you run into any issues with Protected Mode for Flash Player, please feel free to leave your feedback in the pre-release forums.

If you are a security researcher and you have feedback that is valuable to our security minded folks at Adobe, please use one of our security notification methods.

5 Responses to Adobe Flash Player for Firefox gets a sandbox

  1. This is really exciting news, flash offers features i am interested in and can not be found in any other format.

    • Stephen Pohl says:

      Hi Bojan,

      Thank you for your comment. It’s an exciting time for Flash Player, and there will be more good news coming on this blog soon! Stay tuned!

      -Stephen

  2. Pingback: Adobe Flash Player for Firefox gets a sandbox « Reader@w3bmast3r.com

  3. Joanna Oz-Davis says:

    Having trouble with my flashplayer for firefox. I can’t watch anything current. On Google chrome, I can watch everything. Is this being done on purpose, so that people would HAVE to go to Chrome or does my firefox not have the latest flashplayer? Thanks.