Discussion in 'other software & services' started by The Seeker, Feb 6, 2012.
Flash Player sandboxing is coming to Firefox.
Public beta download.
Is it specific to Firefox, or is it for non-IE browsers in general, meaning they all would benefit from it?
For instance, if one were to install that version, but uses say Chromium, would the plugin still run sandboxed? If it works at the image of Adobe Reader X, then it wouldn't need a specific browser?
Unfortunately, I cannot test it and verify whether or not that would happen.
Once this is out there will definitely be more Java exploits. Perhaps more kernel exploits as well to go after these sandboxes, but I doubt it - Java's too easy.
Nice to see Firefox step it up.
EDIT: And M00n, Chrome uses its own broker process for its Flash player (I suspect this is where the further sandboxing comes from, in respect to the conversation from another topic ie: monitoring IPC between broker and Flash), which would likely make it more secure (see parens) but it would probably work with it. Maybe even Opera.
Krebs on Security
I am using 11.2.300.130 with FF 11 beta, so far I haven´t noticed any problem. I installed it over 188.8.131.52, which is beta 5 (according to FileHippo).
From the PDF.
Thanks for that, but my doubt wasn't about that. It was rather if it would benefit Opera (Windows version) as well, for instance?
At the exception of Google Chrome, there are two plugins - IE and non-IE. I'm wondering if the non-IE (introduced as being for Firefox) will work for any other browser on Windows as well that makes use of the non-IE plugin?
Never mind; I didn't notice that Opera was mentioned as not being supported.
I honestly never knew they only improved the IE version last time. About time though.
Funny article, because Adobe Reader X is actually based on IE's Protected Mode and Chromes sandbox (which was also based on IE's protected mode). They were also in communication with Microsoft to gain the knowledge on how best to implement it, yet now they are saying the complete opposite: that it's harder to implement for IE than Firefox because the latter is open source? What did they do, forget about that special communication line they had with Microsoft when making Reader X?
If the open source claim is true, why did it still take them THIS long to get the plugin finished? I highly doubt that trying to read and understand the billions of lines of code in firefox is easier than having Microsoft dogfeed you what to do like they did with Reader X.
Oh well, at least it's still on the to-do, I wonder if I'll even have flash installed by that time though. Also I doubt Apple cares much about being left out by Flash considering they are just hoping it dies.
When creating Adobe Reader's sandbox they actually worked directly with both Microsoft and Google.
Open source would of course make it easier. And I assume they needed cooperation on Firefox's side as well.
Well that is what I said.
If that is what happened it would make a lot more sense, but that wasn't mentioned so I assumed otherwise. Open source aside, trying to read and understand someone else's code can take quite a bit of time without assistance from that person/party, which could explain why it took so long to get it out in the first place (without help from Mozilla). My point was I doubt such a process would be faster than asking Microsoft "tell us what to do" like they did with Reader. I personally think it's an excuse to cover themselves for taking so long to push this extra security.
C++ is pretty easy to read. Nice and broken up.
Not all of the code would need to be read either. Probably not much at all, just the plugin container.
But they would almost definitely have to talk to them because there are likely changes to the plugin container and other areas that need to happen for it to work.
Good thing I dumped Java a year ago and haven't missed it any.