Slashdot Mirror


Mozilla Blocks Vulnerable Java Versions In Firefox

Trailrunner7 writes with this excerpt from Threatpost: "Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that's being actively exploited. The decision to add these vulnerable versions of Java to the browser's blocklist is designed to protect users who may not be aware of the flaw and attacks. 'This vulnerability — present in the older versions of the JDK and JRE — is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms,' Mozilla's Kev Needham said."

4 of 205 comments

  1. Re:Mozilla gives middle finger to enterprise again by i kan reed · · Score: 5, Insightful

    If you have to choose between a clearly dangerous infection vector and updating ancient and fragile legacy Java applets, I'd say Mozilla is the least of your problems.

  2. Re:Java dying? by Necroman · · Score: 5, Insightful

    Java's server-side is still very strong and won't be going anywhere anytime soon.

    Java as a language for UIs, not so much. The built-in UI widgets and windowing (Swing) are weak at best. While it has many of the basic widget types, it hasn't really evolved much as time has moved forward. Plus it always felt just enough different from native applications to stop developers from using it.

    Java applets, I feel, have been dead for a long time. Applet initialization time was just too long or would break during loading to discourage people from using it. Though, I've seen Java Web Start work pretty well for deploying Java applications.

    --
    It's not what it is, it's something else.
  3. Re:disable? by Anonymous Coward · · Score: 5, Informative

    https://wiki.mozilla.org/Extension_Blocklisting:User_Interface

    Preferences for controlling the blocklist
    The common user should not be allowed to override the automatic updating and application of the blocklist, but there are valid use cases for doing so.

    The following preferences should be created to govern this behaviour:
            * extensions.blocklist.enable (boolean), toggles blocklist enabled on/off

    Other applications or distributions may want to provide their own blocklist update url which will be controlled by the following pref:
            * extensions.blocklist.url (string), url to the blocklist file

    The interval in which the blocklist runs will be defined by the following pref:
            * extensions.blocklist.interval (integer), the interval in which to download a new blocklist file

    These preferences should be documented on developer.mozilla.org and any announcements for developers about the blocklist functionality.
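
Because the preferences listed in the comment above can switch the blocklist off or point it at another server, a defender may want to audit profile preference files for those overrides. The following is an added example, not part of the comment or of Mozilla's code. It assumes the `user_pref("name", value);` file syntax, a trusted blocklist host and a maximum interval chosen for illustration, and it also checks the `extensions.blocklist.enabled` spelling used by shipped Firefox builds, which is not on this page.

```python
import re
from urllib.parse import urlsplit

# Pref names from the comment above; ".enabled" is the shipped-Firefox spelling.
ENABLE_PREFS = ("extensions.blocklist.enable", "extensions.blocklist.enabled")
URL_PREF = "extensions.blocklist.url"
INTERVAL_PREF = "extensions.blocklist.interval"
# Assumptions for this example: adjust to what your deployment expects.
TRUSTED_HOSTS = {"addons.mozilla.org"}
MAX_INTERVAL_SECONDS = 86400
PREF_LINE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

# Constructed sample input, not taken from a real profile.
SAMPLE = """// constructed sample prefs.js
user_pref("extensions.blocklist.enabled", false);
user_pref("extensions.blocklist.url", "http://updates.example.net/blocklist.xml");
user_pref("extensions.blocklist.interval", 604800);
user_pref("browser.startup.homepage", "about:blank");
"""

def parse_prefs(text):
    """Return {name: value} with booleans, integers and strings decoded."""
    prefs = {}
    for match in PREF_LINE.finditer(text):
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs  # a later line overrides an earlier one, as in a prefs file

def audit_blocklist(text):
    """List findings where the blocklist is disabled, redirected or starved."""
    prefs, findings = parse_prefs(text), []
    for name in ENABLE_PREFS:
        if prefs.get(name) is False:
            findings.append(f"{name} is false: blocklist disabled")
    url = prefs.get(URL_PREF)
    if isinstance(url, str):
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
            findings.append(f"{URL_PREF} overridden: {url}")
    interval = prefs.get(INTERVAL_PREF)
    if type(interval) is int and interval > MAX_INTERVAL_SECONDS:
        findings.append(f"{INTERVAL_PREF} is {interval}s: updates delayed")
    return findings
```

Calling `audit_blocklist(SAMPLE)` returns three findings for the constructed file; a profile that sets none of these preferences returns an empty list.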

  4. Re:Java dying? by Anonymous Coward · · Score: 5, Funny

    More like Slashdot hates Java because they flunked their intro CompSci course at the community college and now "develop" by tweaking PHP blogging software.