FYI: Mozilla Blocklisting Older Versions of Java

by Carol~ Moderator - 4/3/12 7:46 AM

From the Mozilla Add-ons Blog:

The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user's computer.

This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date.

Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms.

Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied.

Updated versions of the JRE for Windows and Linux operating systems are available through java.com.

Java for OS X is provided by Apple, but an update to a non-vulnerable version of the JDK or JRE was not available at the time of this posting.

http://blog.mozilla.com/addons/2012/04/02/blocking-java/