Adobe Puts Flash for Firefox in a Sandbox
Love it or hate it, but Adobe's Flash plugin is likely one of the world's most widely distributed pieces of software. Given its popularity, it doesn't come as a surprise that Flash is also popular with hackers, who do their best to exploit flaws in it. Chrome and Internet Explorer 7+ users can already rest assured that hackers can't use Flash to compromise their browser, as the plugin runs in a sandboxed mode on Google's and Microsoft's browsers. Soon, Firefox users will get access to the same technology, as Adobe today announced the first public beta of its new Flash Player sandbox for Firefox.
With this new version of the Flash Player, Adobe is following the same playbook it used for making the Adobe Reader safer by implementing a sandbox and protected mode. Since the launch of Adobe Reader X, the company notes, there hasn't been a single successful exploit against it in the wild. According to Peleus Uhley, a senior security researcher within the Secure Software Engineering team at Adobe, Flash's "sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation."
It's worth noting that it has taken Adobe and Mozilla quite a while to bring this sandboxed version of Flash to market. Internet Explorer 7, after all, has had the privilege of running Flash in Vista's and Windows 7's Protected Mode since 2006.
For now, the beta only works for Firefox 4 and later and on Windows Vista and Windows 7. You can download the beta here.