Adobe adds Flash sandboxing to Firefox Adobe has released beta code for sandboxing its heavily hacked Flash code within Firefox, in a similar fashion to the Chrome security protections added to its Reader software and Google’s Chrome browser. “Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring …
You need the upcoming "out-of-process" plugin support in Opera 12 to avoid crashes and exploits through plugins.
As for everyone smarmily crowing over Adobe's security record: exploits are inevitable in any runtime. Adobe's products are a common target because they are very widely used and much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up.
"much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up."
ActiveX wasn't low hanging , it was on the ground rotting. ActiveX was one of the most braindead ideas Microsoft ever came up with and the competition there is pretty steep. "I know, lets allow browser plugins that run as native exes with full user permissions! What could possibly go wrong?". Fscking morons.
> Adobe's products are a common target because they are very widely used and much of the other "low-hanging fruit" eg. Internet Explorer's ActiveX mechanism had been reasonably shored up.
Sorry, did you mean "Adobe's products are a common target because Adobe are so far behind everyone else in securing their products that you can even use ActiveX as an example of something that's more secure."?
Why? Because of poor requirements and specifications, poor reviews, poor coding, poor testing etc. etc,
FFS, if airplanes crashed at the rete computer programs did we'd all have to live underground and *nobody* would use them.
Accidents don't happen, accidents are caused.
This post has been deleted by its author
After all the comments above I thought it worth pointing something out. That unlike other browsers, with the addition of one plug-in Firefox gives you full power over which websites are allowed to run flash and javascript (the actual main way people hack browsers thru webpages).
I love the way the thread has turned into a browser competition. All browsers use flash and all therefore have the same vulnerabilities to it.
Also good byline on the article, trying to dismiss how useful this will be.
This post has been deleted by its author
Aren't the amount of security releases proportional to the amount of vulnerabilities that are being exploited. I don't recall seeing anything about vulnerabilities in the latest version, that are being exploited ( sure someone will correct me). Each of the security releases recently have been in response to a vulnerability that people were using in the wild. They will not make new security releases if there is nothing to secure against.
So now they are not having to firefight vulnerabilities, instead they will focus those resources on building more and better functionality. New functionality like say, a sand boxing function.....
Correct me if I'm wrong, but I read that as adobe are spending programmer time building a sandbox solution to run their insecure code, rather than using the same programmer's time to build a secure solution in the first place, or dig out all the bugs in the current code.
Isn't that kind of ass backwards logic?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
