An incubator build of the Flash Player is now available with a new security feature that should protect those using the popular browser plug-in on Windows in Firefox.
Sandboxing is a security measure that ensures that even in the worst case, if an attacker is able to exploit a flaw in the software, the system remains secure. Code running in a sandbox essentially has fewer privileges, and restricted access to the machine it runs on, so in the case of an attack, only information within the sandbox can be leaked. Google Chrome sandboxes its browser processes so different websites run within different sandboxes, making it difficult for an attack in one tab to access data from another. Internet Explorer 7 and above also use sandboxing, if installed on Windows Vista or above.
Flash Player in Google Chrome has been sandboxed on Windows from as far back as version 9, and in Internet Explorer 7 to 9 if the browser is running in Protected Mode — which it does by default. However this feature has been missing from other browsers. The latest incubation build of Flash Player now bring this important security feature to the plug-in when it is running on Firefox.
Flash Player and AIR Incubation builds are Adobe’s way of testing new experimental features in the plug-in without much before they are released. The incubation build of Flash Player 11.2 with this feature can be found on the Adobe Labs website. Right now it seems only a 32-bit version of the plug-in is available, which is reasonable since there isn’t really an official 64-bit version of the browser available. Hopefully by the time this plug-in releases there will be both a 64-bit build of Firefox, and a 64-bit sandboxed version of the plug-in available.