Sandboxed Flash Player Coming To Firefox 86
Trailrunner7 writes "Adobe, which has spent the last few years trying to dig out of a deep hole of vulnerabilities and buggy code, is making a major change to Flash, adding a sandbox to the version of the player that runs in Firefox. The sandbox is designed to prevent many common exploit techniques against Flash. The move by Adobe comes roughly a year after the company added a sandbox to Flash for Google Chrome. Flash, which is perhaps the most widely deployed piece of software on the Internet, has been a common attack vector for several years now, and the attacks in some cases have been used to get around exploit mitigations added by the browser vendors. The sandbox is designed to prevent many of these attacks by not allowing exploits against Flash to break out into the browser itself."
'bout time! (Score:2, Insightful)
Its about damn time they did this for Firefox. I don't know how many times Flash has caused my browser to crash and I couldn't do anything about it. I love how in Chrome only the Flash player dies and not the browser.
Here's my hope. (Score:5, Insightful)
Maybe sandboxing the damn flash player will stop it from periodically causing Firefox to hang for 30 seconds or so thanks to some damn ugly "full motion video" ad that's trying to load up?
I'd love to see a ban on FMV ads. Double for FMV ads that start themselves automatically, and quadruple for those fucking ads that blast audio after doing so.
Whitelist (Score:5, Insightful)
The whitelist for flash is in the single digits. Most sites don't need that privilege. ... that's about it really.
Youtube, a couple of porn sites
Half Way There (Score:4, Insightful)
Considering Flash's extensive use as an attack vector this is great news. I would sleep better at night though if Firefox itself was also sandboxed; in fact I'm a bit surprised you can even sandbox Flash when the browser doesn't support it.
Re:Here's my hope. (Score:4, Insightful)