Security/Sandbox/Process model: Difference between revisions

Line 41: Line 41:
Ideally, we aim to restrict the interface that could yield PII (e.g., MAC addresses or other hardware identifiers) should be disallowed, but this hasn’t yet been audited.
Ideally, we aim to restrict the interface that could yield PII (e.g., MAC addresses or other hardware identifiers) should be disallowed, but this hasn’t yet been audited.


=== NPAPI process (64-bit windows only) ===
=== Flash Sandboxing (Windows 64-bit & OSX) ===
On Windows 64-bit Firefox employs a sandbox to limit the impact of compromised plug-ins. This sandbox landed in Firefox 41 and tightened but at a high level it aims to limit access to the file system and other system privileges. For further detail see the https://wiki.mozilla.org/Security/Sandbox#64-bit_Plugin and https://wiki.mozilla.org/Firefox/win64
Firefox runs Flash content in a separate process (plugin-container.exe) for stability and security reasons. Firefox 64-bit on Window (since Firefox 41)  and OSX (since Firefox 62) both employ a sandbox to mitigate the risk of malicious flash content. At a high level this sandbox aims to limit access to the file system and other system privileges. For further detail see
* Windows: [[Security/Sandbox#64-bit_Plugin]] and [[Firefox/win64]]
* OSX: [[Security/Sandbox#NPAPI_Flash_Process]]


==Future Process Types ==
==Future Process Types ==
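Review bot: The new Flash Sandboxing paragraph names the plugin process only as plugin-container.exe, which is the Windows binary name, yet the heading and the next sentence also cover OSX; qualify it as the Windows name or drop the ".exe". In the same paragraph "Window (since Firefox 41)" should read "Windows", "malicious flash content" should capitalise "Flash", there is a doubled space before "and OSX", and "For further detail see" wants a colon before the link list. The unchanged context sentence above the heading ("we aim to restrict the interface ... should be disallowed") is ungrammatical and could be fixed in the same revision.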