

Flash Player sandboxing is coming to Firefox - thamer
http://blogs.adobe.com/asset/2012/02/flash-player-sandboxing-is-coming-to-firefox.html

======
JoshTriplett
Hopefully this will also make it possible to have separate instances of the
Flash plugin for different sites, rather than a single instance for all sites.
In addition to improving security through compartmentalization, having
separate copies of Flash will allow Firefox to unload each one when finished
with a site. Flash leaks a huge amount of memory, and currently many people
continuously have some site open which uses it (often sites like gmail or
github that use it for "utility" purposes), which means Firefox can never
unload it, resulting in an ever-ballooning memory footprint that people often
blame on Firefox.

(I say this as someone who doesn't use Flash personally, but everyone benefits
when systems have more security, and I personally would like to see less
unfounded complaints about memory usage distracting from the legitimate
efforts to improve memory footprint and performance.)

------
thristian
I'm pretty sure Firefox has run Flash in a separate process for some time now
(so when Flash crashes, you get a stripy rectangle saying "oops, a plugin
crashed" instead of your entire browser disappearing). I guess the news here
is the extra-restrictive sandbox environment.

~~~
cpeterso
Mozilla shipped support for out-of-process plugins in Firefox 3.6.4 (2010):

<https://wiki.mozilla.org/Electrolysis#Status>

Adobe is announcing some sort of out-of-process plugin support in Flash
itself.

~~~
nodata
I think they put development on hold (Nov 4 2011):

"On Nov. 4, 2011, we held a public call to evaluate options for improving
Firefox responsiveness including the multi-process Firefox initiative (code
name Electrolysis, also known as e10s). The outcome of this discussion was a
decision to put the Electrolysis initiative on hold"

\-- [http://lawrencemandel.com/2011/11/15/update-on-multi-
process...](http://lawrencemandel.com/2011/11/15/update-on-multi-process-
firefox-electrolysis-development/)

~~~
dbcooper
That's the chrome-content process separation part of their Electrolysis
project that was put on hold.

Out of process plugins have been part of Firefox for some time now.

------
evmar
Because NPAPI (the plugin API) is specified in terms of native OS handles
(HWNDs on Windows, X ids on X), even a sandboxed plugin naturally has access
to stuff like your keyboard, mouse, and can send keystrokes to your desktop.
This sandboxing of Flash is a step but I don't think it will help much.

------
melling
Flash in gone from my computers. I think I uninstalled it last Aug, but almost
immediately had to reinstall for the online Stanford AI class, but I removed
it after the final.

Flash will be around for a few more years, and it certainly was needed for the
past several years. However, as a sort of "dog fooding", I would encourage
developers to uninstall it so we can help build a better "HTML5" web quicker.
YouTube has html5 support, for example.

In short, a large number of people exercising the HTML5 web, and addressing
its shortcomings, would definitely help accelerate the move to HTML5.

~~~
patrickaljord
> YouTube has html5 support, for example.

Not for videos with ads such as most successful channels.

~~~
JoshTriplett
While this solution obviously won't work for most users, personally I just
reach for youtube-dl (<http://rg3.github.com/youtube-dl/>) when I run into a
video that YouTube won't serve with the HTML5 player. No flash, no ads, and no
buffering.

~~~
lloeki
Safari's ClickToFlash/ClickToPlugin is absolutely awesome as it replaces the
basic placeholder with a (apparently QuickTime X) player with an overlay
offering source format selection (including Flash object, and a download
option). Chrome has a similar plugin, although less advanced (and generally
more flaky). Firefox's FlashBlock is so limited and looks like a stab in the
eye in comparison.

------
super_mario
Sounds like sandboxing is only on Windows, not on other platforms?

~~~
alexknight
Mostly true, with the exception of Safari on OS X. If you have Flash installed
on a Mac, Safari runs it as an isolated separate 64-bit process. This was not
built by Adobe though, it was built by Apple.

~~~
justinschuh
Plugins on Safari are in a separate process, but they are not sandboxed.
Perhaps you'd confused plugins and extensions?

------
throwaway64
What Mozilla also needs to address is the fact that Firefox update is now
totally broken on a "normal" user account in windows, it will not even inform
you that you are out of date. Before they changed to the "rolling release"
model, it worked fine, hasnt worked since 4.0... So now there is going to be a
non-insignificant number of windows users stuck on firefox 5 6 7 ... forever.

~~~
kijin
Is that number really "non-insignificant"? Most Windows users I know are
always logged into administrator accounts. I myself use the administrator
account on my home PC, even though I should know better. Well, at least I pay
attention to UAC dialogs.

I actually like how Firefox updates itself. On a multi-user PC, updating
Firefox updates every user's Firefox. Not so with Chrome.

~~~
throwaway64
there is still no reason that updates cant be applied like every other piece
of software.

------
ck2
Hmm I cannot tell if it runs for all copies of Firefox, I have several
installed.

Cannot tell if it's the sandbox running or the native plugin either, just says
_11.2.300.130_

Oh nevermind, it only runs protected mode on Vista and W7, they exclude XP, oh
well.

I guess only Chrome can sandbox Flash on XP.

------
acdha
This seems like a good move but they have a much greater need to copy Chrome's
auto-update for Flash, both to deal with the massive legacy install base and
to make any successful escalations from the sandbox less long-lived

~~~
dbcooper
Flash 11.2 has auto-updating by default, so this will be moot. I'd love to see
updating supported for other plugins in FF though.

------
drivebyacct2
Just in time for it to become more and more irrelevant. I say this with an
amount of snark that may be frowned upon, but Flash has very few legitimate
uses remaining. Though it's an enormous hack (that HLS will fix), I have live
transcoded video streaming to an HTML5 video tag and I just got a minimal
Skype clone working natively in Chrome. I rarely use Flash and the cases where
it's required are quickly diminishing.

~~~
icebraining
Codecs are still a problem, though - there's no single universal codec
supported by all major browsers. WebM isn't supported by IE, Safari and iOS,
H.264 isn't supported by Firefox, Opera and possibly Chrome in the future.

It's a mess, and I don't see it getting better in the near future.

~~~
JoshTriplett
Right now, two codecs cover all the browsers that matter. Internet Explorer
supports WebM, but doesn't ship with the codec; Google provides the WebM codec
for Internet Explorer (<https://tools.google.com/dlpage/webmmf>). That just
leaves Safari and iOS that still only support H.264.

Personally, as JavaScript engines get faster, I hope for solutions like this
in the future: [http://badassjs.com/post/13551173773/route9-js-a-vp8-webm-
de...](http://badassjs.com/post/13551173773/route9-js-a-vp8-webm-decoder-in-
javascript)

Meanwhile, if Adobe would ever get around to adding WebM in Flash as
previously promised, that would work as a fallback for Safari, as well as IE
users without a WebM codec, leaving just iOS.

~~~
ZeroGravitas
Safari (on Macs) has had a codec plugin support mechanism for codecs for a
long time via Quicktime, and I believe WebM is already supported in Perian,
the popular ffmpeg/libav wrapper for OS X.

~~~
JoshTriplett
Interesting, but that doesn't seem like something straightforward to convince
a random site visitor to install. Google's WebM plugin for IE seems like a
hard enough sell even with Google's name attached to it.

~~~
ZeroGravitas
Google did promise a plugin for Mac OS X too, and "soon" when they announced
the IE one about a year ago ([http://blog.chromium.org/2011/01/more-about-
chrome-html-vide...](http://blog.chromium.org/2011/01/more-about-chrome-html-
video-codec.html)) though there's been no sign of it since.

I doubt it's beyond their ability, particularly as someone's demonstrated that
it can be made to work. I'm guessing though that they'd be generally happier
if people on Mac OS X just used Chrome. There's less likely to be Safari users
who are forced to use the browser due to IT department dictates or whatever
other odd reason people use to justify IE.

