dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
11
share rss forum feed

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to chachazz

Re: Warning: 0-Day vulnerability in Java 7

So, is Mozilla now allowing use of version 6? I had TO STOP using Java on Fx because of them not allowing version 6.

Fx is not Chrome. Mozilla has no business telling me what I can and cannot use on my browser. They are much worse now than Microsoft. HYPOCRITES also since they caved to Melih but now try and say how much they protect their users. BS.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:16

4 edits
said by Mele20:

I have Java 6 update 7 (still says "Sun" on the about tab).

said by Mele20:

So, is Mozilla now allowing use of version 6? I had TO STOP using Java on Fx because of them not allowing version 6.

Java version 6 can be used above update 30:
»blog.mozilla.org/addons/2012/04/···ng-java/
said by Mozilla blog April 2012 :
This vulnerability present in the older versions of the JDK and JRE is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date.

Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms.

Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied.

The Java website also has a different, much older, notice. The Java interface used by versions earlier then Java 6 update 10 aren't compatible with Firefox 3.6 and later (and probably Opera 10.2 and later for the same reason):
»java.com/en/download/faq/firefox···ugin.xml
said by Java website, posted around December 2009 :
Starting in Firefox 3.6, Mozilla foundation will drop support on OJI (Open Java Virtual Machine Integration) and will only support the standard NPAPI and NPRuntime interfaces. The Java Plug-in which is in Java version 6 update 10 or newer versions supports the NPAPI and NPRuntime interfaces. Therefore, starting with Firefox 3.6, Java-based applets will NOT work unless you are running Java version 6 Update 10 or newer.
So Mozilla has always allowed Java 6 to run on Firefox version 3.6 or newer as long as it's been above Java 6 update 10 (I was running Java 6 up until last week). In February 2012 Java blocking was started to a minimum Java 6 update 31. Good reason to update your Java 6 update 7 (released in 2008), since it shouldn't have worked since Firefox 3.6.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.

EdmundGerber

join:2010-01-04
kudos:1

1 recommendation

reply to Mele20
said by Mele20:

So, is Mozilla now allowing use of version 6? I had TO STOP using Java on Fx because of them not allowing version 6.

Fx is not Chrome. Mozilla has no business telling me what I can and cannot use on my browser. They are much worse now than Microsoft. HYPOCRITES also since they caved to Melih but now try and say how much they protect their users. BS.

Mozilla so far seems to be the only browser maker talking about this, and actually coming up with workarounds. And for that they are terrible?

Yes - Mozilla is terrible. Please stop using their products immediately.*

*Because we're tired of your constant derailment of every frigging thread!


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL

1 recommendation

(oops. looks like I should have really replied to Mele.)

Since when couldn't you use 6 in Mozilla?
I can, I have & have had it.

There have been times when Mozilla has blocked either extensions/plugins outright, or for particular version that have known vulnerabilities.

So yes, they may very well block Java 1.7u01 to 1.7u06, forcing you to go to 1.7u07.

Actually they do something just like that.

- <pluginItem blockID="p119">
  <match name="name" exp="Java\(TM\) Plug-in 1\.(6\.0_(\d|[0-2]\d?|3[0-2])|7\.0(_0?([1-4]))?)([^\d\._]|$)" /> 
  <match name="filename" exp="libnpjp2\.so" /> 
  <versionRange severity="1" /> 
  </pluginItem>
- <pluginItem blockID="p125">
  <match name="name" exp="Java\(TM\) Platform SE ((6( U(\d|([0-2]\d)|3[0-2]))?)|(7(\sU[0-4])?))(\s[^\d\._U]|$)" /> 
  <match name="filename" exp="npjp2\.dll" /> 
  <versionRange severity="1" /> 
  </pluginItem>
 

If I had a problem with that, & the stupidity to do so, I could work around it.