MozillaWiki

Security/Sandbox/Process model: Difference between revisions

Page Discussion

Security/Sandbox/Process model (view source)

Revision as of 04:06, 2 May 2019

164 bytes removed ,  2 May 2019
no edit summary
No edit summary
Line 25: Line 25:




=== Flash Sandboxing (Windows 64-bit & OSX) ===
 
Firefox runs Flash content in a separate process (plugin-container.exe) for stability and security reasons. Firefox 64-bit on Window (since Firefox 41)  and OSX (since Firefox 62) both employ a sandbox to mitigate the risk of malicious flash content.  At a high level this sandbox aims to limit access to the file system and other system privileges. For further detail see
* Windows: [[Security/Sandbox#64-bit_Plugin]] and [[Firefox/win64]]
* OSX: [[Security/Sandbox#NPAPI_Flash_Process]]


=== File (File://) Content Process ===
=== File (File://) Content Process ===
Line 51: Line 48:
These processes are instances of plugin-container.exe
These processes are instances of plugin-container.exe


=== Flash Plugin process ===
=== Flash Sandboxing (Windows 64-bit & OSX) ===
On Windows 64, Flash does not provide its own sandbox, so Firefox provides one. This process only exists while flash content is loaded.
Firefox runs Flash content in a separate process (plugin-container.exe) for stability and security reasons. Firefox 64-bit on Window (since Firefox 41)  and OSX (since Firefox 62) both employ a sandbox to mitigate the risk of malicious flash content. At a high level this sandbox aims to limit access to the file system and other system privileges. For further detail see
* Windows: [[Security/Sandbox#64-bit_Plugin]] and [[Firefox/win64]]
* OSX: [[Security/Sandbox#NPAPI_Flash_Process]]


=== GMP process (Widevine, Primetime, OpenH264) ===
=== GMP process (Widevine, Primetime, OpenH264) ===
Ptheriault
canmove, Confirmed users
1,220

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1211581"