Flash Player sandboxing is coming to Firefox

Discussion in 'other software & services' started by The Seeker, Feb 6, 2012.

Thread Status:
Not open for further replies.
  1. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    Flash Player sandboxing is coming to Firefox.

    Public beta download.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Finally.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Is it specific to Firefox, or is it for non-IE browsers in general, meaning they all would benefit from it?

    For instance, if one were to install that version, but uses say Chromium, would the plugin still run sandboxed? If it works at the image of Adobe Reader X, then it wouldn't need a specific browser?

    Unfortunately, I cannot test it and verify whether or not that would happen. :(
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Once this is out there will definitely be more Java exploits. Perhaps more kernel exploits as well to go after these sandboxes, but I doubt it - Java's too easy.

    Nice to see Firefox step it up.

    EDIT: And M00n, Chrome uses its own broker process for its Flash player (I suspect this is where the further sandboxing comes from, in respect to the conversation from another topic ie: monitoring IPC between broker and Flash), which would likely make it more secure (see parens) but it would probably work with it. Maybe even Opera.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Krebs on Security
     
  6. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,278
    I am using 11.2.300.130 with FF 11 beta, so far I haven´t noticed any problem. I installed it over 11.2.202.197, which is beta 5 (according to FileHippo).
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Known Issues

    From the PDF.
     
  8. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    http://www.computerworld.com/s/arti...lash_security_work?taxonomyId=17&pageNumber=1
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thanks for that, but my doubt wasn't about that. It was rather if it would benefit Opera (Windows version) as well, for instance?

    At the exception of Google Chrome, there are two plugins - IE and non-IE. I'm wondering if the non-IE (introduced as being for Firefox) will work for any other browser on Windows as well that makes use of the non-IE plugin?


    -edit-

    Never mind; I didn't notice that Opera was mentioned as not being supported.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I honestly never knew they only improved the IE version last time. About time though.
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Funny article, because Adobe Reader X is actually based on IE's Protected Mode and Chromes sandbox (which was also based on IE's protected mode). They were also in communication with Microsoft to gain the knowledge on how best to implement it, yet now they are saying the complete opposite: that it's harder to implement for IE than Firefox because the latter is open source? What did they do, forget about that special communication line they had with Microsoft when making Reader X?

    If the open source claim is true, why did it still take them THIS long to get the plugin finished? I highly doubt that trying to read and understand the billions of lines of code in firefox is easier than having Microsoft dogfeed you what to do like they did with Reader X.

    Oh well, at least it's still on the to-do, I wonder if I'll even have flash installed by that time though. Also I doubt Apple cares much about being left out by Flash considering they are just hoping it dies.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    When creating Adobe Reader's sandbox they actually worked directly with both Microsoft and Google.

    Open source would of course make it easier. And I assume they needed cooperation on Firefox's side as well.
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Well that is what I said.

    If that is what happened it would make a lot more sense, but that wasn't mentioned so I assumed otherwise. Open source aside, trying to read and understand someone else's code can take quite a bit of time without assistance from that person/party, which could explain why it took so long to get it out in the first place (without help from Mozilla). My point was I doubt such a process would be faster than asking Microsoft "tell us what to do" like they did with Reader. I personally think it's an excuse to cover themselves for taking so long to push this extra security.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    C++ is pretty easy to read. Nice and broken up.

    Not all of the code would need to be read either. Probably not much at all, just the plugin container.

    But they would almost definitely have to talk to them because there are likely changes to the plugin container and other areas that need to happen for it to work.
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    Good thing I dumped Java a year ago and haven't missed it any. :D
     
Loading...
Thread Status:
Not open for further replies.