Mozilla adds old Java plugins to blocklist - gHacks Tech News

Mozilla adds old Java plugins to blocklist

Mozilla maintains a blacklist for add-ons and plugins that are either a security risk for users of Mozilla products they are compatible with, or cause stability issues when they are installed in a product. The blacklist acts like a global filter that blocks plugins and add-ons on it from being run in the Firefox web browser or other Mozilla products.

Today Mozilla announced that it has added old Java plugin versions to the blocklist to protect users from a critical vulnerability. The vulnerability is present in older versions of the Java Development Kit (JDK) and the Java Runtime Environment (JRE). To be precise, it is affecting the Java plugin version 6 update 32 and earlier, and the Java plugin version 7 update 4 and earlier. All newer versions are not affected by the vulnerability as it has been fixed in both products with the June 2012 update.

Firefox and other Mozilla product users are asked to check their version of Java to make sure the plugin is up to date. This is done by loading about:addons in the browser, switching to plugins on the left sidebar, and looking for Java plugin versions there. Another option is to open the Mozilla Plugin Check website to verify the installed Java version this way. The plugin check service works with other browsers as well.

java vulnerability firefox blocklist

Affected versions of the Java plugin are automatically disabled, unless users actively choose to keep the plugin enabled despite the risk  of being targeted by exploits of the vulnerability. Firefox users can however enable or disable the plugin at any time in the add-ons manager.

New versions of the JRE can be downloaded from the official Java website. Mozilla recommends to update Java as soon as possible and disable the plugin in the meantime to protect the browser from exploits.

You can read the full announcement here at the official Mozilla blog. You can access a list of plugins and add-ons that have been added to the blocklist here.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. zemaitux said on August 14, 2012 at 11:54 pm
    Reply

    A link that says it`s a link to ” Mozilla Plugin Check”, redirects me to http://www.teamfortress.com/mvm/machines/.

  2. Paul(us) said on August 14, 2012 at 11:57 pm
    Reply

    As we speak Java today rolled out there new updates:
    Sun Java Runtime Environment 6 Update 34 (32 – and 64 bit) (2012-08-14)
    and also
    Sun Java Runtime Environment 7 Update 6 (32 – & 64 Bit) (2012-08-14)

  3. ricks said on August 15, 2012 at 12:03 am
    Reply

    also for me, it redirects to http://www.teamfortress.com/mvm/machines/.

  4. H Macmillan said on August 15, 2012 at 2:13 am
    Reply

    @zemaitux and @ricks

    I also get redirected to this page:
    http://www.teamfortress.com/mvm/machines/

    Sure hope it hasn’t been booby-trapped!

    1. bungeshea said on August 15, 2012 at 5:29 am
      Reply

      I doubt that it has been booby-trapped. I think that Martin has just got the links confused.

      1. Martin Brinkmann said on August 15, 2012 at 9:01 am
        Reply

        Yes sorry for that, link has been replaced. No need to worry.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.