Mozilla Issues Java Block and Notifications for Firefox
Mozilla has implemented its solution to the Java exploits that have been wreaking havoc this past week. A few days ago, Mozilla announced plans to disable the vulnerable plugin in Firefox and to provide a notification system that lets users know the plugin has been blocked when they visit sites that require it.
That system is now live and users will start seeing the notifications soon. In the meantime, Oracle also released an emergency update to Java fixing the vulnerabilities actively exploited in the wild.
"We have enabled an update notification that will show up every time a user visits a site with a Java applet using a vulnerable Java plugin. The notification points to our Plugin Check page, which should assist users in getting Java up to date," Mozilla announced.
"This block will be initially applied to Windows users and Linux users who have the Oracle version of the Java RE, but we expect to extend it to Mac OS X (where the majority of users are unaffected) and the IcedTea plugin on Linux," it said.
The block is still in place for vulnerable versions, but at least users have a patched version available. Initially, it wasn't clear whether Oracle would update Java ahead of schedule. Mozilla's block would have affected all Java versions, though users would have been able to re-enable the plugin if they needed it.
Unfortunately, Mozilla issues this type of block quite regularly, either to disable vulnerable plugins or to disable ones that are causing a lot of crashes in Firefox.
The issue should be less of a problem once Firefox gets a proper implementation of the click-to-play plugins feature. The feature is built into Firefox 15 but is disabled by default. Click-to-play plugins should be ready for a wide release by the time Firefox 18 comes out, a few months from now.