Running outdated plugins in your web browser is risky. It exposes you to exploits that target known vulnerabilities in those versions, and it can cause stability and compatibility issues. While users are to blame for that, browser vendors have not really taken care of the problem either. There have been some attempts, like Google's inclusion of Adobe Flash in the browser core to update it automatically, or Mozilla's Plug-In Checker, but they are not enough to keep all users secure.
In particular, the fact that all browsers enable plugins that they detect on the system by default has been criticized in the past. While that may be the convenient thing to do compatibility-wise, it is foolish when it comes to security.
Mozilla yesterday announced that the company has added older versions of the Java plugin to the global blocklist. The blocklist lists plugins and extensions that are either harmful in nature, a stability disaster, or a security liability. In the case of Java, it is the latter.
The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user’s computer.
This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist.
Firefox users are asked to update Java on their system to resolve the issue. Chances are that the majority won't even notice that Java has been disabled in the browser. Interestingly enough, affected Java versions for OS X have not been added to the blocklist, as Apple has not yet produced an updated secure version.
Open about:addons and switch to the plugins listing to see if a Java plugin is enabled in your web browser. If it is, head over to the Java verification page on the official site to check whether it is the latest version available.
If you do not have the latest version installed, update immediately to protect your computer from exploits and other consequences. If you are not sure whether you need Java, update anyway. Afterwards, you can disable the plugin in the manager to find out whether it is really needed.
If you are using a different browser, you can still use the verification page and the download page to update Java for that browser as well. Keep in mind that Java gets installed globally on the system, so you only need to do this once on each system that Java is installed on. (via FFextensions Guru)
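If you would rather check from a command line, the following added example (not code from Mozilla or from the original post) applies the blocklist thresholds quoted above to the version banner that `java -version` prints. It assumes the Java found on your PATH is the same installation the browser plugin uses; the sample banners are constructed.

```python
import re

# Thresholds from the Mozilla announcement quoted above:
# Java 6 Update 30 and below, Java 7 Update 2 and below are blocklisted.
BLOCKED_MAX_UPDATE = {6: 30, 7: 2}

# Banner line printed by `java -version`, e.g.  java version "1.6.0_30"
_BANNER = re.compile(r'java version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None if unrecognised."""
    match = _BANNER.search(banner)
    if not match:
        return None
    major = int(match.group(1))
    # A banner such as "1.7.0" carries no update suffix: treat it as update 0.
    update = int(match.group(2)) if match.group(2) else 0
    return major, update


def classify(banner):
    """Return 'blocked', 'not-blocked' or 'unknown' for one version banner."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"  # unparsable output needs a manual look, never assume safe
    major, update = parsed
    limit = BLOCKED_MAX_UPDATE.get(major)
    if limit is None:
        return "unknown"  # release line not named explicitly in the announcement
    return "blocked" if update <= limit else "not-blocked"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real machines.
    samples = [
        'java version "1.6.0_30"',
        'java version "1.6.0_31"',
        'java version "1.7.0_02"',
        'java version "1.7.0_03"',
        'java version "1.7.0"',
        "command not found: java",
    ]
    for line in samples:
        print(f"{line!r:32} -> {classify(line)}")
```

A result of `unknown` means the banner could not be matched against the two release lines named in the announcement, so check that installation by hand on the verification page.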
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.