[brohee]

Since it won't be native code, they'll only be able to abuse a FF bug exposed by the JS plugin API, but should be in a very bad position to exploit a kernel bug...

Same process isolation, but the JS plugin got a vastly reduced surface to attack.

[tschneidereit]

Exactly. We did a survey of Flash exploits from the last few years and almost all of them would simply have been impossible in Shumway. That doesn't mean that Shumway will automatically free of all security bugs, but the whole class of bugs that in some way is caused by memory corruption is only possible through bugs in Firefox's JS engine SpiderMonkey. Of course it's much easier to just exploit them in JS directly then, so Shumway doesn't increase the surface attackable through bugs like that.