
You're describing a sandbox. You run the security-vulnerable routine inside a separate process and give this process the most minimal read/write-permissions that the routine can still work with.

Flash itself has been sandboxed inside Firefox's Plugin Container since forever and Firefox is getting a sandbox around tabs as we speak.

But you can break out of sandboxes. By either exploiting a bug in the OS that bypasses process permissions or by finding a hole in the sandbox that allows you to do things.

I imagine, for example, if you want to upload a file, then the tab-process has to talk to the less restricted main-Firefox-process, which has to then open up a file-chooser dialog and give control to the user.

But it could for example be possible to somehow malform this request to the main-Firefox-process, so that the file-chooser crashes and just hands over a random file, before the user has even seen the dialog. (Obviously, I'm not going to come up with an actual security vulnerability on the spot here.)

This kind of vulnerability can't be fixed with a sandbox. You need some way to upload files, for which you'll need filesystem access in some way and to pretty much the entire Home-directory.

Theoretically, you could require the user to copy the file into a separate "Upload"-directory and then only have read-permissions to that directory, but that's hardly user-friendly and would probably end up with some users keeping their entire Home-directory underneath that Upload-directory.
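The broker-style design sketched above (a low-privilege process that can't open files itself and has to ask a more privileged process) is easiest to reason about with the privileged side written as a strict, fail-closed request handler. The following is an added example, not code from the commenter or from Firefox: a minimal Python broker that serves file reads to a sandboxed child over a pipe, only from a dedicated "Upload" directory (the mitigation the comment mentions), and that rejects malformed, oversized or traversal-style requests with an error rather than ever falling through to some other file. The request format (a JSON object with exactly `op` and `name`), the helper names and the sample requests are all constructed for this illustration.

```python
import json
import multiprocessing
import os
import shutil
import tempfile

MAX_REQUEST_BYTES = 4096  # assumption: anything larger is rejected before parsing


class BrokerError(Exception):
    """Any violation of the request contract; the broker answers with an error, never a file."""


def parse_request(raw: bytes) -> dict:
    """Strictly parse one request from the sandboxed child (constructed format: {"op", "name"})."""
    if len(raw) > MAX_REQUEST_BYTES:
        raise BrokerError("request too large")
    try:
        req = json.loads(raw.decode("utf-8"))  # UnicodeDecodeError is a ValueError too
    except ValueError as exc:
        raise BrokerError(f"malformed request: {exc}") from None
    if not isinstance(req, dict) or set(req) != {"op", "name"}:
        raise BrokerError("unexpected request shape")
    if req["op"] != "read_upload" or not isinstance(req["name"], str):
        raise BrokerError("unsupported operation")
    return req


def resolve_upload_path(upload_root: str, name: str) -> str:
    """Map a bare file name onto the upload directory; reject anything that would leave it."""
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        raise BrokerError("invalid file name")
    root = os.path.realpath(upload_root)
    path = os.path.realpath(os.path.join(root, name))  # realpath also resolves symlinks
    if os.path.dirname(path) != root:
        raise BrokerError("path escapes upload directory")
    return path


def broker_handle(raw: bytes, upload_root: str):
    """Privileged side. Returns (True, file_bytes) or (False, error_message); fails closed."""
    try:
        req = parse_request(raw)
        path = resolve_upload_path(upload_root, req["name"])
        with open(path, "rb") as f:
            return True, f.read()
    except BrokerError as exc:
        return False, str(exc)
    except OSError as exc:  # missing file, directory, permission problem: still no data
        return False, f"cannot read file: {exc.strerror}"


def create_upload_dir() -> str:
    """Constructed fixture: a fresh upload directory holding one readable file."""
    root = tempfile.mkdtemp(prefix="upload-")
    with open(os.path.join(root, "report.txt"), "wb") as f:
        f.write(b"quarterly numbers")
    return root


# Constructed sample traffic from the sandboxed side: one good request, then several bad ones.
REQUESTS = [
    b'{"op": "read_upload", "name": "report.txt"}',
    b'{"op": "read_upload", "name": "../report.txt"}',
    b"\xff\xfe{garbage",
    b'{"op": "read_upload", "name": "report.txt", "extra": 1}',
    b'{"op": "read_upload", "name": "missing.txt"}',
]


def _sandboxed_child(conn, requests):
    """Low-privilege side: never touches the filesystem, only asks the broker."""
    for raw in requests:
        conn.send_bytes(raw)
        ok, payload = conn.recv()
        print(f"child: {raw!r} -> ok={ok} payload={payload!r}")
    conn.send_bytes(b"")  # empty request means "done"
    conn.close()


def run_demo():
    """Spawn the child in a separate process and serve its requests; returns the broker's answers."""
    upload_root = create_upload_dir()
    try:
        ctx = multiprocessing.get_context("fork")  # assumption: POSIX host
        parent_conn, child_conn = ctx.Pipe()
        child = ctx.Process(target=_sandboxed_child, args=(child_conn, REQUESTS))
        child.start()
        child_conn.close()
        results = []
        while True:
            raw = parent_conn.recv_bytes()
            if not raw:
                break
            answer = broker_handle(raw, upload_root)
            results.append(answer)
            parent_conn.send(answer)
        child.join()
        return results
    finally:
        shutil.rmtree(upload_root, ignore_errors=True)


if __name__ == "__main__":
    for ok, payload in run_demo():
        print("broker:", ok, payload)
```

The property worth checking is the one the comment worries about: every way `parse_request` or `resolve_upload_path` can fail ends in a `BrokerError` and an error reply, so a garbled request gets "malformed request", not a file. Real browser brokers layer OS-level isolation (seccomp, job objects, sandbox profiles) on top of this kind of contract so that a bug in the child cannot open files directly; this example only shows the contract.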
