It seems like every other day someone is poking a new security hole in Flash Player or Adobe's issuing another patch to fix one. To make it harder for people to exploit vulnerabilities in the rich media player, Adobe is working on a sandboxed version for Firefox on Vista and Windows 7, building on the release of its sandboxed Flash Player for Chrome. The sandbox (called Protected Mode) is currently in developer-only beta, with a public release planned for sometime later in the year. According to a blog post from Peleus Uhley of Adobe's Secure Software Engineering Team, Protected Mode on Flash Player for Firefox will run with the same privilege restrictions and job limits as the company's sandboxed Reader X, which hasn't seen a successful exploit since its November 2010 release.
Of course it's great to see Adobe taking steps to improve the security of its software, but why not use the resources to encourage migration to HTML5 instead? The company's already given up on mobile Flash, and while Flash Player is certainly much more entrenched (nearly ubiquitous) on the desktop, mobile devices are going to make up a greater and greater percentage of total internet use going forward — according to Google, more people are already using cellphones than computers. One answer is that developing a sandboxed Flash Player is a more cost-effective solution than patching every new vulnerability that springs up. Adobe's Brad Arkin said at a Kaspersky-Threatpost event in Cancun last week that his "goal isn't to find and fix every security bug. It's to drive up the cost of writing exploits."