Adobe Debuts Secure Sandboxed Flash Player for Firefox

A similar version has been available for Chrome for more than a year

By on February 7th, 2012 13:51 GMT

Security-conscious Firefox users have something to be glad about, there is now a sandboxed Flash Player plugin for their browser. This new plugin isolates web content from the rest of the system, greatly limiting the potential danger of any malicious Flash file.

A similar feature had been available for Google Chrome users for more than a year now, but it is only now becoming available for Firefox. The reason for this is because Google Chrome comes with a built-in sandbox, where as Adobe had to devise its own for the Firefox version.

"Adobe has launched a public beta of our new Flash Player sandbox (aka 'Protected Mode') for the Firefox browser. The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach," Adobe's Peleus Uhley wrote.

The new Flash Player is available in beta for testing purposes labeled as Flash Player Incubator. The technology will be used in the regular Flash Player for Firefox later this year, on the Windows platform.

Adobe uses a similar method, based on the one Google uses in Chrome for both its Adobe Reader X and the Chrome version of Flash Player and now in the new Flash Player for Firefox.

For Chrome, Adobe created a version of the plugin based on the PPAPI, the Pepper Plugin API. This Flash Player version is bundled with Google Chrome and is updated along with the browser, usually slightly ahead of regular Flash Player patches.

Adobe repurposed the sandboxing technology developed for Reader X and created a version of the Flash Player plugin for Firefox that runs code isolated from the browser and the system.

Adobe boasts that there were no successful exploits for Adobe Reader X since the sandboxing technology was introduced in November 2010.

The company is also working on a version of the sandboxed plugin for Internet Explorer. IE uses a different plugin platform so it may be a while until such a plugin arrives. But the IE Flash Player already leverages some security features available in IE.

Comments

The Flash Player plugin will be sandboxed in Firefox for Windows as well
   The Flash Player plugin will be sandboxed in Firefox for Windows as well