Yes, starting with version 3.6.4, Firefox implemented Out-of-Process Plugins (OOPP) in order to deal with buggy or generally unstable plugins.

Send plugin crash reports to help Mozilla improve Firefox for more information.

There is also a project called Electrolysis that will try to run different elements of the browser as separate processes.

https://wiki.mozilla.org/Electrolysis for some technical information.

JYOuyang gives a very misleading answer.

JYOuyang does not seem to know what a sandbox is or how it works. Buggy plugins have nothing to do with Firefox using sandbox technology. Sandboxing has nothing to do with browser elements running in a separate process.

We still need a good answer from a real Mozilla support person for this question.

I too would like to see Firefox and Minefield ( the 64 bit version of Firefox) use good sandbox technology. 

In the meantime I use a free program called Sandboxie. I am very concerned about my browsing security and I believe I found the best application to protect me. Sandboxie can be used with any program on your hard drive. It runs the application ( in this case, Firefox) in a protected sandbox. It's like having a secure separate partition just for your browser (or other sandboxed application) Anything you download through Firefox sandboxed, gets put into a protected sandbox until you know it's clean and choose to move it out of the sandbox to your regular Downloads folder on your hard drive ( or whatever folder you choose). Likewise if you go to a website that installs a virus or the ever popular Fake AntiVirus program, it will remain in the protected sandboxed environment and cannot get out of the sandbox to infect your unprotected hard drive. When you close your sandboxed browser these virus's are automatically and safely deleted.

Unlike many firewalls, in the 5 years Sandboxie has been around, there has never been any virus or malicious code to escape the sandbox. Sandboxie is as close as you can get to 100% protection. I say this because I have spend many hours pouring through reviews, user comments, pros & cons, technical information, and reported problems with Sandboxie and I cannot fine one instance anyone being infected because Sandboxie failed in some way. It simply does not happen. People have tested it by throwing every virus they have at it to see how secure it is and nothing gets through it. You can prove this to yourself by going to online firewall testers and letting it hammer your system. I have done this and always Sandboxie passes with flying colors.

My earnest hopes are that the people at Mozilla design a sandbox for Firefox that is as good as Sandboxie. I would love to see that.

You can learn more about and get Sandboxie from: http://www.sandboxie.com/

My apologies to JYOuyang for my above statements. After doing some research on the matter it seems what JYOuyang is referring to is Google Chrome's type of sandbox. Chrome uses a process that they describe as a sandbox because all of the browsers features operate in it's own process environment. Each tab, Plugins, etc every individual part of the browser runs in it's own process. If a virus attacks the browser, it is isolated in this one process and hopefully cannot spread to the next and get out of the browser to infect your hard drive. This is also done so if one part, say a tab, crashes, the whole browser will not crash.

This is a very different type of sandbox than Sandboxie. Sandboxie is like a box that protects the entire application and what ever goes in and out of that application - from getting to your hard drive. This is the type of protection most people think of when they hear the word "sandbox". These days different companies use the term "sandbox' in different ways to describe their version of protection.

The Sandboxie type of protection is a full total solution for keeping out malware and virus's. The type Chrome uses or Firefox's OOPP for plugins, is not a total solution and will not protect you like a real sandbox can.

Chrome's type of sandbox though robust has not the advantage of having been user tested for years like a Sandboxie type of sandbox. It does not stop all attacks from getting through to the hard drive the way a Sandboxie type of sandbox can. Many Windows users will run Chrome in Sandboxie or a virtual operating system because they do not trust Chrome's protection alone.

I hope Mozilla makes the right choice and introduces a more secure technology similar to Sandboxie instead.

Not sure anyone is familiar with the Google Chrome approach to security. You can review it at the following URL: http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html

It greatly reduces the ability for the web to attack the user's computer. I'm not saying it is sufficient by itself. Add-ons such as NoScript & AdBlock Plus certainly help. However, if I can tell that I will be visiting a risky website, I use Chrome Google. However, it seems their browser is memory hungry & eats up available memory faster than FireFox. Also, some web pages only work with IE. So, I use these 3 browsers, each for a different reason.

I wish one browser, my choice is FireFox, would work in all instances. No such browser currently exists... So Sad!

Well your best option for now applies to anyone using a mac, I have my sandbox'd firefox that I use all the time. I know that the whole reason to use it in a sandbox is for protection against exploits on windows (not saying they do not exist on mac) but for me to know that my system has that level of extra protection, on top of everything else that I have, is very nice. I am referring to IronFox http://www.romab.com/ironfox/ and you can read up on it. it basically uses the sandboxing build into os x and loads firefox in it.

You people don't "get it". Security should be the job of the OS. Now the mac is better at it by far than windoz. True security like that found in a "Trusted OS" requires a form of mandatory access control. If you are really looking for security either get a "trusted OS" like the military uses. Or get the next best thing. The only chance of having real security in a networked general purpose OS is to employ some form of mandatory access control. What this entails is similar to a sandboxie but for the entire OS and all processes that run on it. Every process is defined and protected and only allowed to do what is specified by the MAC rules. It is basically a process firewall and each process has rules and cannot run at all unless the rules for that process are defined. Educate yourself before spouting off wishlists. There are general purpose OS's out there that employ this type of security. It was first developed by "No Such Agency" so it is as good at security as any networked machine can be Run your firefox under one of these OS's and you stand at least a small chance at being secure.

I'm already using MAC access controls, the government themselves don't even understand it. I joined a security news group for information systems security professionals in the UK and got my first welcome message sent to me in HTML no plain text or 7 bit encoding. Nice to know they're all using windows (just take a look next time your in the Job-Center and they face the screen towards you!) and accessing things like Hotmail from work, little wonder they think rubbish like Poison Ivy is a serious national security threat. They have no idea what a trusted system is, they're busy pandering to the M$ solution along side Symantec & McAfee.

If your on Windows I would suggest Sandboxie. But if your on a trusted OS then yeah the only thing you need is a brain something the ICT industry in the UK just hasn't got!

@pentester #~>setenforce=1 good buddy setenforce=1 "lets see those little butt-holes working downstairs try to access facebook, twitter and hotmail now!"

Thats what is so awesome about trusted computing, I can define a policy that restricts who can open what, or you can grant a group access to a specific application and deny everybody else, or if your really mean you can just remove things like the browser from that persons desktop in it's entirety. Try removing Internet Explorer from Windows and watch what happens! (instant OS failure)