Skip navigation
ScreenName7326
Currently Being Moderated

Firefox 11 Security Sandbox Violation

Apr 4, 2012 5:42 AM

Tags: #lion #mac #security #firefox #flash_player #sandbox #violation #firefox_11 #local_testing

I'm working with a local version of my Application - and since I've updated to Firefox 11 I'm having issues with Javascript call backs throwing an error when trying to access the Flash movie.

 

I've added the preload file, main file, and directory to the Local Trusted locations - and I'm still getting the error; I've confirmed that allowscriptaccess="always" on the page.

I'm running on a Mac OSX 10.7.3 with the latest Flash debugger player 11.2.

 

*** Security Sandbox Violation ***

SecurityDomain 'null' tried to access incompatible context 'file:/../bin-debug/InitialPreloader.swf?0.6524682486757879'

 

Here's the kicker - this only happens in Firefox 11 - did not happen in 10 - and does not happen when running locally on Safari (5.1.3), Chrome(18.01) or Opera(11.62)

I did have FlashFireBug installed - but even after the uninstall/disabling - the violation still occurs. Not sure that adding "security unlocks" of sorts inside the application was appropriate because it only happens in one browser.

 

I generally do prefer Firefox (the FlashFireBug add-on makes some things easier) - and can work around it; but I haven't seen any issues about this so I thought it should be reported - or maybe because I missed something.

 

Thanks.

-Will

 
Replies
  • Currently Being Moderated
    Apr 9, 2012 5:21 PM   in reply to ScreenName7326

    Happening for me too... except in multiple browsers. Seems to be new with Flash 11.2 since this just started (and the site I'm seeing this on hasn't been updated for about a year).

     
    |
    Mark as:
  • Chris Campbell
    9,446 posts
    May 4, 2010
    Currently Being Moderated
    Apr 9, 2012 5:39 PM   in reply to brettAtPeriscopic

    Forwarding to our security team for their review.

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 10, 2012 10:16 AM   in reply to Chris Campbell

    I traced down the issue on my end. At root, it doesn't seem to be a security error. The site is loading a series of videos and needed to know the duration of each in order to render the UI. The flow:

     

    _videoURL = 'foo.flv';

    _connection = new NetConnection();

    _connection.addEventListener(NetStatusEvent.NET_STATUS, netStatusHandler);

    _connection.connect(null);

     

    //later, in netStatusHandler

    switch (event.info.code) {

          case "NetConnection.Connect.Success":

                   _connection.removeEventListener(NetStatusEvent.NET_STATUS, netStatusHandler); 

                   connectStream();

           break;

    //...

    }

     

     

    //later, in connectStream

    _stream = new NetStream(_connection);

    _stream.client = {onMetaData:metaDataHandler};

    var video:Video = new Video();

    video.attachNetStream(_stream);

    _stream.play(_videoURL);

     

     

    //later, in metaDataHandler

    _stream.pause();

    _stream.seek(0);

    _stream.close();

     

    //in Flash Player 11.2, immediately calling _stream.close in the onMetaData handler

    //causes a crash. Delaying it slightly seems to fix the issue:

    //setTimeout(_stream.close, 1000);

     
    |
    Mark as:
  • Chris Campbell
    9,446 posts
    May 4, 2010
    Currently Being Moderated
    Apr 10, 2012 6:11 PM   in reply to brettAtPeriscopic

    Thank you for the follow up.  Glad you were able to track this down.

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 10, 2012 10:36 PM   in reply to Chris Campbell

    Hi,

     

         I am facing same kind of problem in firefox. i posted my question in flex forum http://forums.adobe.com/message/4287116.

     

         Alex asked me to verify browser security settings. I don't know how to do it.

     

         any ideas?

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 13, 2012 6:35 AM   in reply to ScreenName7326

    for local testing add

     

    Security.allowDomain("*");

     

    in your code.

     

    it works for me. you can not avoid firefox, because it has lot debugging tools.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points