Firefox users should be safer thanks to the new security feature

Jun 11, 2012 12:30 GMT

Adobe's latest Flash Player update is a relatively minor release, but it comes with some new features and capabilities, not just fixes. One interesting new feature in Flash Player 11.3 is sandboxing support in Firefox on Windows (Vista and 7 only).

The new Flash sandbox adds a much needed security layer in Firefox, hopefully limiting the number of successful attacks via the plugin.

"Flash Player 11.3 brings the first production release of Flash Player Protected Mode for Firefox on Windows," Adobe wrote.

"This sandboxing technology is based on the same approach that is used within the Adobe Reader X Protected Mode sandbox. Flash Player Protected Mode for Firefox is another step in our efforts to raise the cost for attackers seeking to leverage a Flash Player bug in a working exploit that harms end-users," it added.

Adobe boasted once again that Protected Mode in Adobe Reader X has proven very successful so far. Earlier it said that there had been known successful attacks in the wild since the Reader sandbox was introduced.

A sandbox isolates a process from the operating system, its resources and all other processes, thereby limiting the potential damage an attack can do.

Adobe's Firefox sandbox is actually the most advanced Flash sandbox there is, as it adds several new features missing from the IE implementation and the Chrome version.

With Chrome, Adobe was able to engineer the Flash plugin to work with parts of the Chrome sandbox. However, the Flash sandbox in Chrome and the generic Chrome sandbox, where web content is handled, are separate. For Firefox, Adobe had to build itself the component that Chrome provides: the broker.

Firefox already runs all plugins in a process separate from the main browser process. Adobe took it one step further by forking the plugin into two new processes.

The first, the broker process, runs at the default security level (medium integrity) and handles communication between the main Flash process, which runs at low integrity and is heavily restricted, and the browser or resources such as the file system, webcam and so on.

Adobe took advantage of tools already present in Windows to run Flash content in a low integrity process with only the minimum set of permissions needed.

This creates an effective sandbox around the content. Anything running in this process can't do much to affect or access the rest of the operating system since everything has to pass through the broker process that decides whether to grant access or not.

Photo gallery (2 images):

- The Flash sandbox architecture for Firefox on Windows
- Flash spawns two different processes, the main content one being strictly limited