Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Firefox Security The Internet News

Adobe Releases Sandboxed Flash Player For Firefox 104

Trailrunner7 writes "Adobe has released a new version of their Flash player that now gives Firefox users the additional security of a sandbox and also includes a background update mechanism for Mac users. Flash has run in a sandbox on Google Chrome and Internet Explorer for some time already. The big security news in Flash player 11.3 is the addition of the protected mode sandbox for Firefox on Windows. That's a major change for Adobe, which has been adding sandbox to its main product lines for a couple of years now. Adobe Reader X has run in protected mode — which is what Adobe calls its sandbox — since its release, and the company also added a sandbox to Flash on Google Chrome. The sandbox is designed to prevent attackers from using vulnerabilities in Flash to break out of the application and move to other apps or the OS itself."
This discussion has been archived. No new comments can be posted.

Adobe Releases Sandboxed Flash Player For Firefox

Comments Filter:
  • by Anonymous Coward on Friday June 08, 2012 @02:30PM (#40261349)

    How about they release a new 64bit version for Linux? The colour in YT videos is totally messed up on my Ubuntu box

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      adobe hates linux.

    • by TheCycoONE ( 913189 ) on Friday June 08, 2012 @02:35PM (#40261411)

      I'm not sure if you recall, but Flash for linux is discontinued unless you're using the bundled Chrome version (http://www.osnews.com/story/25639). In light of that I've given up on the idea of them fixing any major bugs for that platform.

      • by Anonymous Coward

        *Technically* it's discontinued until Firefox and the other browser writers support the Pepper API.

        • I was under the impression that it wouldn't even be available for Chromium Browser, which implements the same Pepper API as Google Chrome. According to Adobe's blog [adobe.com], not only will Flash Player "only be available via the 'Pepper' API", but the Pepper version will be distributed "as part of the Google Chrome browser distribution and will no longer be available as a direct download from Adobe". So even if you have another browser that implements Pepper, it still won't be able to run Flash Player for Pepper because Flash Player for Pepper is exclusive to Google Chrome.
          • by Nimey ( 114278 )

            One wonders if Adobe will revisit that decision if Mozilla changes their minds. Bet you they would.

      • by antdude ( 79039 )

        They did release a small build update for v11.2, but that's it. I guess non-Chrome users are screwed like me. :(

    • by Hatta ( 162192 )

      Just use dwhelper [downloadhelper.net] and mplayer.

      • Just use dwhelper and mplayer.

        There are uses of Flash Player other than to stream video. How well does this combination that you recommend work for Flash vector animations and Flash games?

        • by Hatta ( 162192 ) on Friday June 08, 2012 @04:19PM (#40262661) Journal

          I recommend their authors port their work to a non-proprietary format, or resign their proprietary crap to the dustbins of history where it belongs.

          • I recommend their authors port their work to a non-proprietary format

            I agree with you in principle. However:

            I thought since Adobe changed its SWF spec licensing policy years ago as part of the Open Screen Project, SWF was a non-proprietary format. And even if not, what solution do you recommend for an author to convert something like Homestar Runner or Weebl and Bob to a non-proprietary format? And what techniques should I use to convince authors to do so?

            • by Hatta ( 162192 )

              Honestly, I couldn't really give a shit. The authors are the ones who should care about their work disappearing from history. If there's anything actually worthwhile locked up in flash, someone will reverse engineer it and create a flash emulator just like they've done for so many consoles.

              • Adobe changed its SWF spec licensing policy years ago as part of the Open Screen Project

                If there's anything actually worthwhile locked up in flash, someone will reverse engineer it and create a flash emulator

                And the Open Screen Project makes it that much easier to make a Flash Player emulator like Smokescreen, which we discussed two years ago [slashdot.org].

    • They won't. And I assume you're using the nvidia binary driver. In that case, the only known solution is installing a patched version of libvdpau or disabling the hardware accelerated rendering.
    • by Anonymous Coward

      Disable hardware acceleration (I had that problem with an Arch Linux box, x86-64, using the nvidia propietary drivers)

      • by Anonymous Coward
        Ditto, 'cept I was using Windows. Adobe can't do hardware acceleration right.
    • I was hoping that a'duebe would compile a 64 bit debug version for Linux. I guess it's hard, for them, to do. But maybe it's because they're getting so much love from Apple?
    • by Anonymous Coward

      Let me guess, anything red is turned into a blue-ish color?

      I think a downgrade is in your future

    • Load a youtube video, right click, select "Settings", go to the leftmost tab, de-select "Enable Hardware Acceleration". Voila, colours are back to normal.

    • by Spoke ( 6112 )

      They just released an update today. flash-plugin-11.2.202.236-release.x86_64 is available to download from their website.

    • Comment removed based on user account deletion
  • Huh (Score:5, Interesting)

    by masternerdguy ( 2468142 ) on Friday June 08, 2012 @02:33PM (#40261397)
    I thought adobe was abandoning flash.
    • Re:Huh (Score:5, Funny)

      by SJHillman ( 1966756 ) on Friday June 08, 2012 @02:37PM (#40261433)

      The captain never leaves a sinking ship!

      Unless he's Italian.

    • Re:Huh (Score:5, Funny)

      by greenfruitsalad ( 2008354 ) on Friday June 08, 2012 @03:45PM (#40262233)

      Dear Adobe,

      I really hope you do not give up on Flash. I want Flash to live and I want it to be used everywhere. I love it, I love the idea of it, I love everything about it. I want as little web content to be written in html5 as possible.

      I dread the day when I start my web browser and all that colourful flashing cpu hogging vomit that I avoid by NOT having installed flashplugin will have been converted to html5. It'll be like going back to 1996 when web was full of GIFs. Please do NOT do this to me; do not abandon Flash.

      Sincerely yours, world's biggest Flash fan

    • Even if they wanted to it would be stupid to give up on it now. There is no perfect alternative and there are a lot of people happy with flash so why would they give up that revenue?
  • by Anonymous Coward

    This really solidifies Flash as the web container of choice and knocks HTML 5 for six!

    Gotta be a sad day if you're an IOS user.

    • Yes, this extra layer of software is sure to make it as responsive as a native video decoder.

  • So, now i could use my little pity Firefox without crashing my little Windows 7 x64 bit??? We will see.....
    • Wow - maybe I am better off with 32-bit Win7? Firefox crashes on me very frequently, probably because Win7 won't let me use swap space to get past the 4GB RAM limit, and FF+Flash is a bit of a memory hog (though not as bad as Chrome.)

      And here I'd just been going to rant about "Does this mean Firefox won't crash as often?"!

      • I have to ask? How many tabs do you have open? The most I have ever seen a browser use is maybe 2.5 gigs with 30+ tabs.

        At 30+ tabs it is unmanageable as you spend more time tab cycling trying to figure out which one is where etc. WHen you start Office you do not open all +100 files at once do you? That would be insane and this is why the browser is going crazy trying to run 100 web applets at the same time in your browser. FF 12 is the lightest browser I have seen so far and I think it is counter intuitive

        • 30+ tabs is perfectly manageable. 80+ is too if you use tab groups.

          You need to consider different use cases. For example, just reading through my RSS feed in the morning, I regularly open 30+ tabs with the stuff I want to read; then, when reading each one, I might open a few more (for example, pages linked from the article).

          That said, I use Firefox too on a system with 2GB total and no swap and it runs fine.

        • by cduffy ( 652 )

          At 30+ tabs it is unmanageable as you spend more time tab cycling trying to figure out which one is where etc.

          That's a matter of using the right interface -- I use Vimperator [vimperator.org], and (with its keyboardable, search-centric interface) don't have trouble juggling 150+ tabs. The "where" of them -- in terms of ordering the list -- is completely irrelevant; if I want a page about foo, I type bFoo<tab> and get a compact list of which pages regarding Foo I have open, and can select them by typing the number for

  • I upgraded from the old Flash when youtube stopped supporting it, and the new Flash runs very poorly on my 1/2 gigabyte PC. It slowsdown Firefox 10 LTS and makes the non-google Chromium randomly freeze for 1-2 minutes (until a popup asks if I want to kill flash).

    • by h4rr4r ( 612664 ) on Friday June 08, 2012 @02:45PM (#40261527)

      My phone has more RAM than that.
      I suggest you spend $10 and buy more RAM.

      Heck I might even mail you some if you ask nicely.

      • I had a similiar conversation with him to upgrade a few months ago. Now is an excellent time to upgrade before Windows 8 is out if you dual boot. XP is on the way out and its easy to migrate with the easy transfer wizard and there is an XP mode if you upgrade to the pro version.

        The web is a platform that constantly upgrades just like an OS. No one is feeding the same IE 6 code that used 40 megs of ram when he bought hos computer 10 years ago. JQuery and jit optimization and high rez graphics take hundreds o

      • >>>My phone has more RAM than that.

        Doubtful. It might have more Flash or ROM storage, but not more than 512 MB RAM. For example the iPhone 3 had half of that. Anyway, I thought about adding more RAM to my desktop but I honestly thought it would die 2-3 years ago (and then I'd have wasted money). But it just keeps ticking.

        • by h4rr4r ( 612664 )

          My Galaxy Nexus has 1GB of RAM. The Galaxy S3 has 2GB of RAM.

          It has 32GB of flash. Which is not read only.
          http://en.wikipedia.org/wiki/Galaxy_Nexus [wikipedia.org]
          Welcome to 2012.

          • My HTC Evo 3D has 808mb. For some reason.

            Still more than cpu6502 has...

            • by h4rr4r ( 612664 )

              Where are you getting that number?
              http://en.wikipedia.org/wiki/HTC_Evo_3D [wikipedia.org]
              1GB in that phone. If you are looking at apps running/cached you are only seeing apps that can be stopped and not the RAM the OS itself is using.

              • I bet his GPU shares RAM with the CPU.
                • by h4rr4r ( 612664 )

                  That is how all these SOCs work, I do believe.

                  I bet our friend with the outdated computer does not have another 512MB of ram on his GPU.

              • From the root terminal:

                $ su
                # free -m
                total used free shared buffers
                mem: 808 784 22 0 34
                -/+ buffers: 751 57
                Swap: 0 0 0
                #

                • I have an old laptop like that. Even though it has 256 megabytes stock, it only shows 224 MB under the computer information. The other "missing" RAM is being used for graphics. (Strangely my laptop runs okay like that. Maybe because it's still using the original XP.)

          • Give him a break: it's impressive enough that he managed to cram in 512 MB, given that the 6502 can only address 64 kB of memory. And he even got Flash to run on it! Quite astounding for a 30-year-old CPU.
        • The idea is to replace it before it dies as you may not get all your data and programs transferred. It really is not that much of a hassle and the situation is only going to get worse as more AJAX uses bloated api's and HTML 5 will cache all the hundreds of megs of images and video per tab. Flash at least downloads it and does not keep all of it in ram at once.

          Your machine, but I have not touched a system with that much ram in probably 6 or 7 years at least. I service computers for a living too and I at lea

        • My HTC Desire, which I picked up cheaply because it's two years old, has 576 MB of RAM, so no, it isn't doubtful, it's very plausible. Welcome to 2010.
    • Re: (Score:3, Informative)

      by terbeaux ( 2579575 )
      Aside from getting more memory I would recommend that you update one of "the most targeted pieces of software" more often then just when YT stops working. There have been so many exploits released for Flash and Adobe released a lot of security updates to address them. http://www.gfi.com/blog/the-most-vulnerable-operating-systems-and-applications-in-2011/ [gfi.com]
  • by gstoddart ( 321705 ) on Friday June 08, 2012 @02:44PM (#40261513) Homepage

    I've personally found the best way to sandbox Flash is to not install it.

    I honestly can't name a single site that I care about that uses it -- possibly because Flash makes me immediately not care about a web site. I know some people really like it, and it does things they really think is cool, but to me it's been something I've avoided for a long time now.

    But, who knows, maybe next week I'll discover something I can't live without that uses it.

  • by Anonymous Coward

    I can only imagine how tough it would be to be a developer on the Flash team. Would you even want that on your resume? I'm not sure I would want to be associated with one of the most hated, least trusted applications out there. I'm guessing that when people find out you work on Flash, you would be constantly forced to defend Adobe and the Flash team or admit that you were part of a huge failure.

  • I still need Flash because one or two sites I visit use it as a major vehicle for content (e.g. Homestuck).
    So, where's a nice, safer sandbox for the platforms I use?

  • At https://www.adobe.com/software/flash/about/ [adobe.com] (which tells you what flash version you have and what are the latest), it says that the latest for linux is 11.3.300.257. However the "player download center" link on this page goes to http://get.adobe.com/flashplayer/ [adobe.com] and that the latest version is 11.2.202.236 (and that 11.2 will be the last for linux). I'm running 64 bit fedora 17, so that might be the wrinkle.
  • by Anonymous Coward

    Adobe on the other hand...

  • Note: not for XP (Score:5, Informative)

    by PatPending ( 953482 ) on Friday June 08, 2012 @04:45PM (#40262979)

    From Adobe's news release: [adobe.com]

    [Emphasis added]

    The restrictions we apply to this sandboxed process come from the Windows OS. Windows Vista and Windows 7 provide the tools necessary to properly sandbox a process. For the Adobe Reader and Acrobat sandbox implementation introduced in 2010, Adobe spent significant engineering effort trying to approximate those same controls on Windows XP. Today, with Windows 8 just around the corner and Windows XP usage rapidly decreasing, it did not make sense for the Flash Player team to make that same engineering investment for Windows XP. Therefore, we've focused on making Protected Mode for Firefox available on Windows Vista and later.

  • I thought a new feature for 11.2 was autoupdate in the background. Did not work for 11.3.

  • It took a while, but I finally located the Sandbox Flash for Firefox and updated my Firefox.

    Now I have no flash on Wired, I have no flash on Youtube, I have no flash on my forums.

    Thanks a lot, Adobe, you useless shits.

  • I just got the latest Flash update, and the process to get to the license was so horrific that I have sent it off to the lawyers to go through it with a fine comb - I really don't trust any organisation that makes it so hard to find the terms you agree to.

    When you receive the update and you want to see the license you have to:-

    1 - click a link which leads you to an external page. The relevant license is not embedded in the package you download, so there is a risk of disconnect between product and license.
    2

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...