Security-conscious Firefox users have something to be glad about, there is now a sandboxed Flash Player plugin for their browser. This new plugin isolates web content from the rest of the system, greatly limiting the potential danger of any malicious Flash file.
A similar feature had been available for Google Chrome
users for more than a year now, but it is only now becoming available for Firefox. The reason for this is because Google Chrome comes with a built-in sandbox, where as Adobe had to devise its own for the Firefox version.
"Adobe has launched a public beta of our new Flash Player sandbox (aka 'Protected Mode') for the Firefox browser. The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach," Adobe's Peleus Uhley wrote
The new Flash Player is available in beta for testing purposes
labeled as Flash Player Incubator. The technology will be used in the regular Flash Player for Firefox later this year, on the Windows platform.
Adobe uses a similar method, based on the one Google uses in Chrome for both its Adobe Reader X and the Chrome version of Flash Player and now in the new Flash Player for Firefox.
For Chrome, Adobe created a version of the plugin based on the PPAPI, the Pepper Plugin API. This Flash Player version is bundled with Google Chrome and is updated along with the browser, usually slightly ahead of regular Flash Player patches.
Adobe repurposed the sandboxing technology developed for Reader X and created a version of the Flash Player plugin for Firefox that runs code isolated from the browser and the system.
Adobe boasts that there were no successful exploits for Adobe Reader X since the sandboxing technology was introduced in November 2010.
The company is also working on a version of the sandboxed plugin for Internet Explorer. IE uses a different plugin platform so it may be a while until such a plugin arrives. But the IE Flash Player already leverages some security features available in IE.