Mozilla adds old Java plugins to blocklist

Melanie Gross
Aug 14, 2012
Updated • Aug 15, 2012
Firefox
|
6

Mozilla maintains a blacklist for add-ons and plugins that are either a security risk for users of Mozilla products they are compatible with, or cause stability issues when they are installed in a product. The blacklist acts like a global filter that blocks plugins and add-ons on it from being run in the Firefox web browser or other Mozilla products.

Today Mozilla announced that it has added old Java plugin versions to the blocklist to protect users from a critical vulnerability. The vulnerability is present in older versions of the Java Development Kit (JDK) and the Java Runtime Environment (JRE). To be precise, it is affecting the Java plugin version 6 update 32 and earlier, and the Java plugin version 7 update 4 and earlier. All newer versions are not affected by the vulnerability as it has been fixed in both products with the June 2012 update.

Firefox and other Mozilla product users are asked to check their version of Java to make sure the plugin is up to date. This is done by loading about:addons in the browser, switching to plugins on the left sidebar, and looking for Java plugin versions there. Another option is to open the Mozilla Plugin Check website to verify the installed Java version this way. The plugin check service works with other browsers as well.

java vulnerability firefox blocklist

Affected versions of the Java plugin are automatically disabled, unless users actively choose to keep the plugin enabled despite the risk  of being targeted by exploits of the vulnerability. Firefox users can however enable or disable the plugin at any time in the add-ons manager.

New versions of the JRE can be downloaded from the official Java website. Mozilla recommends to update Java as soon as possible and disable the plugin in the meantime to protect the browser from exploits.

You can read the full announcement here at the official Mozilla blog. You can access a list of plugins and add-ons that have been added to the blocklist here.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. H Macmillan said on August 15, 2012 at 2:13 am
    Reply

    @zemaitux and @ricks

    I also get redirected to this page:
    http://www.teamfortress.com/mvm/machines/

    Sure hope it hasn’t been booby-trapped!

    1. bungeshea said on August 15, 2012 at 5:29 am
      Reply

      I doubt that it has been booby-trapped. I think that Martin has just got the links confused.

      1. Martin Brinkmann said on August 15, 2012 at 9:01 am
        Reply

        Yes sorry for that, link has been replaced. No need to worry.

  2. ricks said on August 15, 2012 at 12:03 am
    Reply

    also for me, it redirects to http://www.teamfortress.com/mvm/machines/.

  3. Paul(us) said on August 14, 2012 at 11:57 pm
    Reply

    As we speak Java today rolled out there new updates:
    Sun Java Runtime Environment 6 Update 34 (32 – and 64 bit) (2012-08-14)
    and also
    Sun Java Runtime Environment 7 Update 6 (32 – & 64 Bit) (2012-08-14)

  4. zemaitux said on August 14, 2012 at 11:54 pm
    Reply

    A link that says it`s a link to ” Mozilla Plugin Check”, redirects me to http://www.teamfortress.com/mvm/machines/.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.