dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10279
share rss forum feed


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
reply to chachazz

Re: Warning: 0-Day vulnerability in Java 7

I get a kick out of this. On one of my XP Machines after going back to the 'test site' that was posted earlier
»zulu.zscaler.com/research/java_version.html

I get the following:



Guess everything is all better now.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I got the same result but I wouldn't be worried
--
Don't feed trolls--it only makes them grow!



jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

In the famous words of Alfred E. Neuman:

"What, me worry?"



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

quote:
Don't Worry, Be Happy

-Bobby McFerrin

»www.youtube.com/watch?v=yHFDa9efCQU

--
Don't feed trolls--it only makes them grow!

EdmundGerber

join:2010-01-04
kudos:1

1 recommendation

reply to Mele20

said by Mele20:

So, is Mozilla now allowing use of version 6? I had TO STOP using Java on Fx because of them not allowing version 6.

Fx is not Chrome. Mozilla has no business telling me what I can and cannot use on my browser. They are much worse now than Microsoft. HYPOCRITES also since they caved to Melih but now try and say how much they protect their users. BS.

Mozilla so far seems to be the only browser maker talking about this, and actually coming up with workarounds. And for that they are terrible?

Yes - Mozilla is terrible. Please stop using their products immediately.*

*Because we're tired of your constant derailment of every frigging thread!


therube

join:2004-11-11
Randallstown, MD

1 recommendation

(oops. looks like I should have really replied to Mele.)

Since when couldn't you use 6 in Mozilla?
I can, I have & have had it.

There have been times when Mozilla has blocked either extensions/plugins outright, or for particular version that have known vulnerabilities.

So yes, they may very well block Java 1.7u01 to 1.7u06, forcing you to go to 1.7u07.

Actually they do something just like that.

- <pluginItem blockID="p119">
  <match name="name" exp="Java\(TM\) Plug-in 1\.(6\.0_(\d|[0-2]\d?|3[0-2])|7\.0(_0?([1-4]))?)([^\d\._]|$)" /> 
  <match name="filename" exp="libnpjp2\.so" /> 
  <versionRange severity="1" /> 
  </pluginItem>
- <pluginItem blockID="p125">
  <match name="name" exp="Java\(TM\) Platform SE ((6( U(\d|([0-2]\d)|3[0-2]))?)|(7(\sU[0-4])?))(\s[^\d\._U]|$)" /> 
  <match name="filename" exp="npjp2\.dll" /> 
  <versionRange severity="1" /> 
  </pluginItem>
 

If I had a problem with that, & the stupidity to do so, I could work around it.


therube

join:2004-11-11
Randallstown, MD

1 recommendation

reply to chachazz

quote:
Lastly, starting this week in Aurora and Beta we’ll begin adding the components of click-to-play, a Firefox security control that helps protect users against outdated and vulnerable plugins. We anticipate this new security feature to be fully operational by Firefox 18.

Note that currently, Java blockage looks to be broken in NoScript, in Aurora/Beta, so do not count on that.
You can enable (the Mozilla preference) plugins.click_to_play in about:config.


fritz43

join:2004-03-14
Wheeling, WV
reply to JALevinworth

From How-to Geek:

"As usual, theres yet another security hole in the Java Runtime Environment, and if you dont disable your Java plugin, youre at risk for being infected with malware. Heres how to do it.

Security holes are nothing new, but in this case, the security hole is really bad, and theres no telling when Oracle will get around to fixing the problem. Plus, how often do you really need Java while browsing the web? Why keep it around?
Should You Disable Java or Uninstall it?

Ideally, both. Otherwise:

If you dont rely on any applications that use Java, and you dont visit any sites that require Java in the browser, you should just completely remove the entire framework from your computer.
If you use applications that require Java, you should disable the plugin in the browser.
If you are forced to use Java in the browser for a specific site, you should disable Java in your main browser, and then use an alternate browser just for that one single site.

For regular users, theres very little reason to keep Java around.

Note: many readers pointed out that the fun and extremely geeky game Minecraft requires Java. Obviously if youre a geek, you deserve some Minecraft�€“but you should still disable the Java plugin in the browser.
How to Uninstall Java Entirely

Just like anything else, you need to head to Control Panel �€“> Uninstall Programs and uninstall it from there. Find anything else that has Java, JRE, JDK, or anything similar, and click the Uninstall button�€”it is completely free, so you can easily reinstall it if you really have to."

Agree? Disagree?
--
Help stamp out hate; and haters.



kickass69

join:2002-06-03
Lake Hopatcong, NJ
reply to jabarnut

Click for full size
Yet mine shows what it should about the 0-day exploit.

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to therube

said by therube:

Note that currently, Java blockage looks to be broken in NoScript, in Aurora/Beta, so do not count on that.
You can enable (the Mozilla preference) plugins.click_to_play in about:config.

therube, do you think that the problem with noscript's not blocking "java" is only when using "noscript" with "aurora", which, i assume, is a beta version of "firefox"? or, is "noscript" not blocking "java" at all, regardless of which version of "firefox" one is using? or, you don't know?


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to kickass69

said by kickass69:

Yet mine shows what it should about the 0-day exploit.

Yes..mine does now also..but jabarnut I think was correct..since I checked mine just after he posted and it said "yes"..but now it says "no" like yours and I had the same version each time...so I am assuming it was a change they made.. thanks for testing it. Not nice when a test thing is crap.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

1 edit

Interesting...yeah, I hadn't checked that site since early this morning when I posted that and it said "yes", and mine says "no" now as well. (With the same version of Java).
So they've, um, "fixed" it.
Now, it appears they apparently need to "fix" it again so it says "yes" again. LOL!
--
I had a life once.....now I have a Computer and a Modem.



therube

join:2004-11-11
Randallstown, MD

1 edit
reply to redwolfe_98

Aurora, so Firefox 17.
I haven't actually looked at FF 16.
I did look at FF 15.0, & it is working as expected with that.

Edit:

I had an older (July 12) version of 16, & it is working there.
Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/16.0 Firefox/16.0

Though don't know if that is still the case with a more recent build?

Edit2:

And working here also:
Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20120827 Firefox/16.0


sludgehound

join:2007-03-12
New York, NY
reply to jabarnut

Java installed: No
Are you vulnerable to the latest 0-day exploit: No

That's from zulu link. Odd thought I'd run Java as soon as fix was
available. Maybe it failed since did have several prgs open. Think it wanted a reboot which usually not the case. Did that but now guess have to do a fresh install. Or just leave bloody well alone.

Random fortune from 'wisdom'
For fast-acting relief, try slowing down.



therube

join:2004-11-11
Randallstown, MD
reply to therube

> currently, Java blockage looks to be broken in NoScript, in Aurora/Beta

Fixed in the latest development build.

v 2.5.4rc1 (now up to rc2)
=========================================================================
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17 and above