Mozilla adds all recent Java versions to blocklist

Martin Brinkmann
Feb 26, 2013

Java received some bad press in recent months due security vulnerabilities that were discovered by security researchers more or less on a constant basis. What this basically means is that Java use on the web was not really safe in that period, and that upgrading Java regularly only resolved some of the issues but not all that were discovered in that time period.

The situation today is not that different. Even the latest Java version, which is Java Plugin 7 update 15 for Linux, Windows and Mac OS X, is vulnerable to certain forms of attacks.

My recommendation back in 2012 was to disable Java in the browser unless you need it for important site functionality. If that is the case, my recommendation was to either install NoScript in Firefox or make use of Click To Play to prevent the automatic loading of Java contents on websites you visit, or use a special browser only for visiting those websites.

Mozilla started to make use of its blocklist to protect users of the Firefox web browser from falling pray to attacks or running insecure versions of Java while using the Internet browser.

The company added all recent versions of Java to its list of blocked add-ons. Software listed here is automatically disabled in the browser unless users explicitly activate it again.

java blocked firefox screenshot

While it is possible to enable Java again by visiting the add-ons manager in the browser, by loading about:addons, it is suggested not to do so. If you need Java your best option to deal with the situation is to enable click to play in Firefox which will prevent Java contents from being loaded automatically on the web.

If you are using a different web browser, it is highly recommended to disable Java in that browser as well. If you can't, try installing an extension that prevents Java from being loaded automatically, or using a feature like click to play instead.

The following versions of Java have been blocked by Mozilla on February 25, 2013:

  • February 25, 2013: Java Plugin 6 updates 39 to 41 (click-to-play), Linux
  • February 25, 2013: Java Plugin 6 updates 39 to 41 (click-to-play), Windows
  • February 25, 2013: Java Plugin 6 updates 39 to 41 (click-to-play), Mac OS X
  • February 25, 2013: Java Plugin 7 update 12 to 15 (click-to-play), Linux
  • February 25, 2013: Java Plugin 7 update 12 to 15 (click-to-play), Windows
  • February 25, 2013: Java Plugin 7 update 12 to 15 (click-to-play), Mac OS X

In addition, Flash Player plugin versions from to have been switched to click to play automatically. While they still work, they only activate when you accept the prompt in the browser to do so.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Ramesh Khanna said on February 26, 2013 at 12:01 pm

    how do i disable java in chrome? I have not installed a Java plug-in and no Java plug-in shows up in chrome’s task manager which shows a shockwave flash plug-in which i have also not deliberately installed.

    1. Martin Brinkmann said on February 26, 2013 at 12:45 pm

      type in chrome://plugins

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.