Hackers about hacking techniques in our IT Security Magazine

Firefox to use Flash Player sandbox

The new Flash Player sandbox for Firefox is currently still in public beta mode. Adobe has decided to sandbox each plugin process to ensure that  a plugin crash will not occur with the entire web browser (one of the main reasons why Apple never introduced Flash).  It appears though, that there are no security restrictions on the plugin process. Mozilla has previously rolled out an out-of-process plugin support in previous versions of Firefox but the Adobe sandboxing appears to take this one step further.

Flash Player Protected Mode creates a separate process but the app and OS-level security controls will be restricted but not from a functionality perspective.  Adobe calls this the ‘broker process’. This is a privileged process that runs with default rights and provides secure access to specific resources not available in the sandbox. When writing content within the sandbox, if there is a need to store data, then the LSO will handle this by requesting the broker to write the LSO content to the disk. This restricts where the content can be written too on the user’s hard drive.

February 10, 2012

0 Responses on Firefox to use Flash Player sandbox"

Add Comment Register



Leave a Message

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>