Feeds

back to article Adobe adds Flash sandboxing to Firefox

Adobe has released beta code for sandboxing its heavily hacked Flash code within Firefox, in a similar fashion to the Chrome security protections added to its Reader software and Google’s Chrome browser. “Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring …

COMMENTS

This topic is closed for new posts.
Trollface

Flash will protect Firefox by crashing. No, wait, that's the current behavior.

8
1
Gold badge
Trollface

I protected Firefox by not installing Flash :)

9
0
Gold badge

Adobe security

Hold on. So Adobe; the people responsible for all the holes in the plug-ins that are so frequently used to attack peoples computers are the same people implementing the sandbox? Isn't that like employing peodophiles to keep the kids safe in kindergarden?

5
3
Bronze badge

@"Isn't that like employing peodophiles to keep the kids safe in kindergarden?"

No, it's not; Adobe didn't hack your system.

However it is like giving the "chaperone" who left the children alone in the company of a paedophile a training course and then re-employing them.

7
0
Anonymous Coward

The protection relies on -

- using so much RAM and CPU that malware can't get a look in.

14
1
Devil

I protected firefox by installing Opera ;)

0
5
Jad

Meh!

0
0
Silver badge

Same plugin, same exploit

You need the upcoming "out-of-process" plugin support in Opera 12 to avoid crashes and exploits through plugins.

As for everyone smarmily crowing over Adobe's security record: exploits are inevitable in any runtime. Adobe's products are a common target because they are very widely used and much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up.

4
1
Silver badge
FAIL

@charlie clark

"much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up."

ActiveX wasn't low hanging , it was on the ground rotting. ActiveX was one of the most braindead ideas Microsoft ever came up with and the competition there is pretty steep. "I know, lets allow browser plugins that run as native exes with full user permissions! What could possibly go wrong?". Fscking morons.

8
1
Anonymous Coward

> Adobe's products are a common target because they are very widely used and much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up.

Sorry, did you mean "Adobe's products are a common target because Adobe are so far behind everyone else in securing their products that you can even use ActiveX as an example of something that's more secure."?

0
1
Law
Paris Hilton

@ boltar

"ActiveX was one of the most braindead ideas Microsoft ever came up with and the competition there is pretty steep."

Auto-run being a close second?

1
1
Unhappy

"exploits are inevitable in any runtime"

Why? Because of poor requirements and specifications, poor reviews, poor coding, poor testing etc. etc,

FFS, if airplanes crashed at the rete computer programs did we'd all have to live underground and *nobody* would use them.

Accidents don't happen, accidents are caused.

1
1

Wait...

Adobe have a senior security researcher? I'll be damned.

3
0
Gold badge
Facepalm

In every large company somebody has to write those huge standards documents that nobody ever reads.....

2
0
Gold badge
Joke

@Andy Fletcher

Yeah, it seems that the work experience kid didn't know how to make coffee. He had to do something while he was there...

1
0
FAIL

Good timing

Shutting the door after the horse has bolted and died of old age ....... some people never know when they have lost !

0
0

This post has been deleted by its author

I protect Firefox by using NoScripts, duh

After all the comments above I thought it worth pointing something out. That unlike other browsers, with the addition of one plug-in Firefox gives you full power over which websites are allowed to run flash and javascript (the actual main way people hack browsers thru webpages).

I love the way the thread has turned into a browser competition. All browsers use flash and all therefore have the same vulnerabilities to it.

Also good byline on the article, trying to dismiss how useful this will be.

3
0
Anonymous Coward

> All browsers use flash and all therefore have the same vulnerabilities to it.

iOS browsers don't.

Not that I'm seriously putting them forward as entrants for any sort of "good browser" competition; that would be laughable.

1
0
Meh

A bit late?

Is it me or have the number of Flash security updates dropped off over the last few months?

1
1

This post has been deleted by its author

No...

Aren't the amount of security releases proportional to the amount of vulnerabilities that are being exploited. I don't recall seeing anything about vulnerabilities in the latest version, that are being exploited ( sure someone will correct me). Each of the security releases recently have been in response to a vulnerability that people were using in the wild. They will not make new security releases if there is nothing to secure against.

So now they are not having to firefight vulnerabilities, instead they will focus those resources on building more and better functionality. New functionality like say, a sand boxing function.....

0
0
Stop

Ass Backwards Logic

Correct me if I'm wrong, but I read that as adobe are spending programmer time building a sandbox solution to run their insecure code, rather than using the same programmer's time to build a secure solution in the first place, or dig out all the bugs in the current code.

Isn't that kind of ass backwards logic?

2
1
This topic is closed for new posts.