Specifically, Adobe built a "broker," a low-privilege process that decides which functions Flash can conduct outside the sandbox, and mediates those requests between the plug-in on one hand, and Firefox and the operating system on the other.
The devil with the Firefox plug-in was in the details.
"Because Firefox is open source, we could often look into the browser code to get things working for Flash," said Arkin. "In some cases, it was clearly something that we needed to change in Flash or the broker, sometimes it wasn't clear and could go either way, and other times it was something that needed to change in Firefox. [The Mozilla] guys make sure that [the latter] got addressed."
Like the sandboxed Flash for Chrome, the beta plug-in for Firefox works only on Windows. "In the real world, Windows is where the bad guys go," said Arkin, explaining why Adobe hasn't crafted similar protection for Mac or Linux users of either Chrome or Firefox.
Adobe has no plans to add sandboxing to the Flash Player plug-ins that run in Apple's Safari or Opera Software's Opera browsers.
Chrome has another advantage over Firefox when it comes to Flash: Google bundles the Adobe software with its browser, patching Flash alongside Chrome using the latter's silent update mechanism.
"I'm not aware of any conversations between Adobe and Mozilla on bundling components [such as Flash] with Firefox," said Arkin when asked whether Mozilla would follow in Google's footsteps.
Instead, Adobe has been quietly beta testing a new silent update service for Flash -- again, mimicking work it did earlier for Reader -- that should launch in final form some time "in the next couple of months," said Arkin.
The beta of the sandboxed plug-in works on Firefox 4 and later, but Arkin cautioned users against trying it out on production or mission-critical Windows PCs. "We can really use the techy folks' help evaluating the beta," he said, referring to early adopters who aren't leery of preview software.