Mozilla adds old Java plugins to blocklist

Mozilla maintains a blacklist for add-ons and plugins that are either a security risk for users of Mozilla products they are compatible with, or cause stability issues when they are installed in a product. The blacklist acts like a global filter that blocks plugins and add-ons on it from being run in the Firefox web browser or other Mozilla products.

Today Mozilla announced that it has added old Java plugin versions to the blocklist to protect users from a critical vulnerability. The vulnerability is present in older versions of the Java Development Kit (JDK) and the Java Runtime Environment (JRE). To be precise, it is affecting the Java plugin version 6 update 32 and earlier, and the Java plugin version 7 update 4 and earlier. All newer versions are not affected by the vulnerability as it has been fixed in both products with the June 2012 update.

Firefox and other Mozilla product users are asked to check their version of Java to make sure the plugin is up to date. This is done by loading about:addons in the browser, switching to plugins on the left sidebar, and looking for Java plugin versions there. Another option is to open the Mozilla Plugin Check website to verify the installed Java version this way. The plugin check service works with other browsers as well.

Affected versions of the Java plugin are automatically disabled, unless users actively choose to keep the plugin enabled despite the risk  of being targeted by exploits of the vulnerability. Firefox users can however enable or disable the plugin at any time in the add-ons manager.

New versions of the JRE can be downloaded from the official Java website. Mozilla recommends to update Java as soon as possible and disable the plugin in the meantime to protect the browser from exploits.

You can read the full announcement here at the official Mozilla blog. You can access a list of plugins and add-ons that have been added to the blocklist here.

Advertisement