Adobe adds Flash sandboxing to Firefox

Adobe has released beta code for sandboxing its heavily hacked Flash code within Firefox, in a similar fashion to the Chrome security protections added to its Reader software and Google’s Chrome browser. “Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring …

COMMENTS

This topic is closed for new posts.
  1. Tom Maddox Silver badge
    Trollface

    Flash will protect Firefox by crashing. No, wait, that's the current behavior.

    1. BristolBachelor Gold badge
      Trollface

      I protected Firefox by not installing Flash :)

  2. BristolBachelor Gold badge

    Adobe security

    Hold on. So Adobe, the people responsible for all the holes in the plug-ins that are so frequently used to attack people's computers, are the same people implementing the sandbox? Isn't that like employing paedophiles to keep the kids safe in kindergarten?

    1. Brewster's Angle Grinder Silver badge

      @"Isn't that like employing paedophiles to keep the kids safe in kindergarten?"

      No, it's not; Adobe didn't hack your system.

      However it is like giving the "chaperone" who left the children alone in the company of a paedophile a training course and then re-employing them.

  3. Anonymous Coward
    Anonymous Coward

    The protection relies on -

    - using so much RAM and CPU that malware can't get a look in.

  4. keith 9
    Devil

    I protected Firefox by installing Opera ;)

    1. Jad
    2. Charlie Clark Silver badge

      Same plugin, same exploit

      You need the upcoming "out-of-process" plugin support in Opera 12 to avoid crashes and exploits through plugins.

      As for everyone smarmily crowing over Adobe's security record: exploits are inevitable in any runtime. Adobe's products are a common target because they are very widely used and much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up.

      1. Anonymous Coward
        FAIL

        @charlie clark

        "much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up."

        ActiveX wasn't low-hanging, it was on the ground rotting. ActiveX was one of the most braindead ideas Microsoft ever came up with and the competition there is pretty steep. "I know, let's allow browser plugins that run as native exes with full user permissions! What could possibly go wrong?". Fscking morons.

        1. Law
          Paris Hilton

          @ boltar

          "ActiveX was one of the most braindead ideas Microsoft ever came up with and the competition there is pretty steep."

          Auto-run being a close second?

      2. Anonymous Coward
        Anonymous Coward

        > Adobe's products are a common target because they are very widely used and much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up.

        Sorry, did you mean "Adobe's products are a common target because Adobe are so far behind everyone else in securing their products that you can even use ActiveX as an example of something that's more secure."?

      3. Field Marshal Von Krakenfart
        Unhappy

        "exploits are inevitable in any runtime"

        Why? Because of poor requirements and specifications, poor reviews, poor coding, poor testing etc. etc.

        FFS, if airplanes crashed at the rate computer programs did we'd all have to live underground and *nobody* would use them.

        Accidents don't happen, accidents are caused.

  5. Andy Fletcher

    Wait...

    Adobe have a senior security researcher? I'll be damned.

    1. TeeCee Gold badge
      Facepalm

      In every large company somebody has to write those huge standards documents that nobody ever reads.....

    2. BristolBachelor Gold badge
      Joke

      @Andy Fletcher

      Yeah, it seems that the work experience kid didn't know how to make coffee. He had to do something while he was there...

  6. Graham 25
    FAIL

    Good timing

    Shutting the door after the horse has bolted and died of old age ... some people never know when they have lost!

  7. This post has been deleted by its author

  8. ph0b0s

    I protect Firefox by using NoScript, duh

    After all the comments above I thought it worth pointing something out: unlike other browsers, with the addition of one plug-in Firefox gives you full power over which websites are allowed to run Flash and JavaScript (the actual main way people hack browsers thru webpages).

    I love the way the thread has turned into a browser competition. All browsers use Flash and all therefore have the same vulnerabilities to it.

    Also good byline on the article, trying to dismiss how useful this will be.

    1. Anonymous Coward
      Anonymous Coward

      > All browsers use flash and all therefore have the same vulnerabilities to it.

      iOS browsers don't.

      Not that I'm seriously putting them forward as entrants for any sort of "good browser" competition; that would be laughable.

  9. Pink Duck
    Meh

    A bit late?

    Is it me or has the number of Flash security updates dropped off over the last few months?

    1. This post has been deleted by its author

    2. ph0b0s

      No...

      Isn't the number of security releases proportional to the number of vulnerabilities that are being exploited? I don't recall seeing anything about vulnerabilities in the latest version that are being exploited (sure someone will correct me). Each of the recent security releases has been in response to a vulnerability that people were using in the wild. They will not make new security releases if there is nothing to secure against.

      So now they are not having to firefight vulnerabilities, instead they will focus those resources on building more and better functionality. New functionality like say, a sandboxing function.....

  10. despairing citizen
    Stop

    Ass Backwards Logic

    Correct me if I'm wrong, but I read that as Adobe are spending programmer time building a sandbox solution to run their insecure code, rather than using the same programmers' time to build a secure solution in the first place, or dig out all the bugs in the current code.

    Isn't that kind of ass backwards logic?
