Mozilla adds Java 7 Update 7 to blocklist

Martin Brinkmann
Nov 23, 2012
Updated • Nov 23, 2012

We all know that it is important to keep installed browser plugins up to date to protect the browser and underlying system from attacks that exploit potential vulnerabilities. Mozilla's plugin check web service attempts to inform Firefox users when plugins are out of date or insecure. It is a passive site, which means that it does not force Firefox users to upgrade even though it may be recommended to do so because of security or stability reasons.

Another recent change that Mozilla made is the integration of click-to-play in the browser which prevents the execution of contents on sites that require plugins to run, and the combination of the feature with Mozilla's blocklist. Plugins and add-ons are added to the blocklist if their contain critical security vulnerabilities, cause stability issues, impact performance or are malicious in nature.

Mozilla has added Java 7 plugin 7 and previous versions of Java to the blocklist for all supported operating systems due to a critical security vulnerability that is actively exploited in the wild. Items on the blocklist are automatically disabled by Mozilla for all Firefox users unless users explicitly decide to keep the plugin enabled for the time being.

It is recommended that Firefox users update Java to the latest release if they are running an outdated version of the software on their system. The latest Java Runtime Environment downloads are available on the official Java website. You can alternatively use a software like JavaRa to update the Java Runtime or remove the software completely from the system (Windows only).

It is not the first time that outdated Java versions have been added to the blocklist, and it is very likely that it won't be the last.

Here are some options to protect your system from future issues with Java:

  • Click to Play prevents Java contents from being automatically run when you connect to websites
  • An extension like NoScript blocks Java as well from running automatically
  • If you are not sure if you need Java, disable the plugin by loading about:addons in the browser, switching to plugins and clicking on disable next to all Java entries there. Check how to disable Java in your browser for additional information.
  • If you only need Java on the desktop, try jPortable, a portable Java version that does not integrate the plugin in web browsers.

Have you checked the version of Java on your system lately? Is it up to date or in need of an update?


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Straspey said on November 23, 2012 at 4:18 pm

    I have been using the NoScript add-on, which you mentioned, for quite some time
    and have personally found it to be the single most important and useful tool for web browsing with regard to security.

    95% of the time, my experience is that I am able to access all of the necessary
    elements of the sites I visit with NoScript blocking all or part of the Java elements
    on the page.

    NoScript is a very useful tool, with many options, and I highly recommend it to all
    Firefox users.


    Martin – Have you posted an article about NoScript in the past ? If not, perhaps it
    could prove very helpful and informative to those users of Firefox who are
    unfamiliar with it.

    1. hum said on November 27, 2012 at 11:42 pm

      Java has nothing to do with JavaScript.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.