Mozilla adds Java 7 Update 7 to blocklist
We all know that it is important to keep installed browser plugins up to date to protect the browser and underlying system from attacks that exploit potential vulnerabilities. Mozilla's plugin check web service attempts to inform Firefox users when plugins are out of date or insecure. It is a passive site, which means that it does not force Firefox users to upgrade even though it may be recommended to do so because of security or stability reasons.
Another recent change that Mozilla made is the integration of click-to-play in the browser which prevents the execution of contents on sites that require plugins to run, and the combination of the feature with Mozilla's blocklist. Plugins and add-ons are added to the blocklist if their contain critical security vulnerabilities, cause stability issues, impact performance or are malicious in nature.
Mozilla has added Java 7 plugin 7 and previous versions of Java to the blocklist for all supported operating systems due to a critical security vulnerability that is actively exploited in the wild. Items on the blocklist are automatically disabled by Mozilla for all Firefox users unless users explicitly decide to keep the plugin enabled for the time being.
It is recommended that Firefox users update Java to the latest release if they are running an outdated version of the software on their system. The latest Java Runtime Environment downloads are available on the official Java website. You can alternatively use a software like JavaRa to update the Java Runtime or remove the software completely from the system (Windows only).
It is not the first time that outdated Java versions have been added to the blocklist, and it is very likely that it won't be the last.
Here are some options to protect your system from future issues with Java:
- Click to Play prevents Java contents from being automatically run when you connect to websites
- An extension like NoScript blocks Java as well from running automatically
- If you are not sure if you need Java, disable the plugin by loading about:addons in the browser, switching to plugins and clicking on disable next to all Java entries there. Check how to disable Java in your browser for additional information.
- If you only need Java on the desktop, try jPortable, a portable Java version that does not integrate the plugin in web browsers.
Have you checked the version of Java on your system lately? Is it up to date or in need of an update?
Advertisement
I have been using the NoScript add-on, which you mentioned, for quite some time
and have personally found it to be the single most important and useful tool for web browsing with regard to security.
95% of the time, my experience is that I am able to access all of the necessary
elements of the sites I visit with NoScript blocking all or part of the Java elements
on the page.
NoScript is a very useful tool, with many options, and I highly recommend it to all
Firefox users.
PS:
Martin – Have you posted an article about NoScript in the past ? If not, perhaps it
could prove very helpful and informative to those users of Firefox who are
unfamiliar with it.
Java has nothing to do with JavaScript.