Java block now complete for Mac OS X

Jorge Villalobos

46

Continuing with our effort to eradicate vulnerable versions of the Java plugin, we are now blocking it for all versions of Mac OS X. We had previously blocked it for old Mac OS X versions because they would not be updated anyway, and we were holding off on updating modern versions because of a bug in the Add-ons Manager that is now fixed in Firefox 12.

All users of Mac OS X 10.6 and above should have already been prompted to install this update. In order to avoid the block, please update immediately using Software Update. If for some reason you need to continue using an old version of the plugin, you can re-enable it in the Add-ons Manager.

46 responses

  1. Jordi wrote on :

    Dear Jorge,

    I use Firefox in Mac OS X 10.5.8, and I’ve found I cannot use Java anymore. If I enable the Java plug-in, Firefox shuts down whenever it would be due to use it.

    Is there a way I can get the Java plug-in enabled in my computer for a couple of hours, and then to disable it afterwards?

    I understand upgrading to 10.7 would be another solution. But I should need to use Java right now if possible.

    Thank you for you work,

    Jordi

    1. Jorge Villalobos wrote on ::

      Hello Jordi,

      When you say Firefox shuts down, do you mean that it crashes? If so, then there’s a different problem going on in your computer. You should be able to enable Java and use it temporarily, as you described. The problem could be with your Java installation or the page you’re trying to load (this is the most likely cause).

      1. Sheila wrote on :

        I’m having exactly the same problem as Jordi. Java stopped working, and if I re-enable the plug-in, Firefox crashes when it needs Java!
        What to do?
        I can’t get into my netbank anymore…

        1. Jorge Villalobos wrote on ::

          You should visit our plugin check page and update your Java plugin to the latest version.

  2. Jordi wrote on :

    Thank you, Jorge. Yes, it crashes. And the problem happens with any page requiring Java. I’ll see how can I install Java again.

  3. Bit wrote on :

    I’m running Windows, and just received a message that the Java Version 6 Update 31 that I use is being BLOCKED. The previous blog updates here indicated that version 31 was okay; it was only those updates below 31 (and a range of version 7) that were being blocked. Has 31 been compromised? Why wasn’t that vulnerability known serveral weeks ago when versions below 31 were first blocked? I’m not awlays connected to the internet, but jeepers, update 31 is only about 10 weeks old, and is already considered toast?

    1. Jorge Villalobos wrote on ::

      Update 31 should not be blocked. The information about the Windows block is here. What does about:plugins say about your plugin?

  4. Anita wrote on ::

    I just downloaded the newest version of Java. Now I can’t play most of my games. I get a popup saying I need to install the newest version Of Java. I’m ready to pull my hair out.

  5. Anita wrote on ::

    I have a Mac

    1. Lee wrote on :

      I have the same problem! On a Mac and getting the same message about it not having the needed update (which I’ve downloaded 10, seriously, 10 times. I’ve enabled the Java, I’ve closed down the browser for it to take effect…nothing will let me play my games in Pogo. Scrabble, Hearts, Tumble Bees, Crossword, Gin, Puzzle, etc. I can play Whomp and the Clue games and FreeCell & Spider Solitaire, but that’s it. You would think that if Java covers these games why not the others. And this happens every freakin’ month when Java decides to give us an update! They shouldn’t be allowed to keep you from something that you want to do like this…I’m retired and this is what I do during the day. I’m fed up with it. I don’t even remember what worked the last time I went thru this, I know it took about a week to get everything back, with a lot of tears in the meantime.

      1. Lee wrote on :

        Hah! I didn’t realize that your note was left a year ago!

  6. AJ wrote on :

    FF hard-blocked “Classic Java Plug-in 1.6.0_U31 for Netscape and Mozilla” (6.0.310.5) in Win7.

    about:plugins shows:

    Java(TM) Platform SE 6 U31

    File: npjp2.dll
    Version: 6.0.310.5
    Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers

    note that all entries under this plug-in are listed as Enabled (yet test at java.com fails).

    Why is 1.6.0_U31 hard-blocked? I thought that version was supposed to be OK. Thank you.

    1. Jorge Villalobos wrote on ::

      If the plugin is enabled, then it isn’t blocked and something else is wrong.

  7. Jen wrote on :

    I am using MAC running OS X 10.5.2. As your blog indicated, my Java has been blocked. I followed the instructions for Update Software under the apple icon but that last time my Java plug-in to Mozilla was updated was June 2011. Any suggestions on how to resolve except for upgrade Mac OS? Thanks.

    1. Carlos wrote on :

      I have the same problem. I am using Mac OS X 10.5.8. and this problem is not fixed by using Software Update. In fact, there is no update. Java works fine in Safari and Google Chrome. It also works fine in Firefox if using OS Lion. Will this be resolved any time soon?

      1. Jorge Villalobos wrote on ::

        See the blog post on Mac OS X 10.5. If you really need Java, you can re-enable it at your own risk. However, you should know that it is an unsafe version that can get your system compromised. I would recommend enabling it only when necessary and keeping it disabled the rest of the time.

        1. kat wrote on :

          so ur saying i can no longer use java (have a complete web experience) cuz I have an intel core duo Mac (one needs a core 2 duo Mac to upgrade to OS 10.7) thanks bunches

          1. Jorge Villalobos wrote on ::

            You can use it, at your own risk. You should be able to enable the plugin in the Add-ons Manager. If you can’t do it, please let me know.

    2. Jorge Villalobos wrote on ::

      See the blog post on Mac OS X 10.5. If you really need Java you can re-enable it at your own risk. However, you should know that it is an unsafe version that can get your system compromised. I would recommend enabling it only when necessary and keeping it disabled the rest of the time.

  8. Jay wrote on :

    As of May 23, 2012, Firefox 12 is blocking Java 6 update 32 across all the workstations on my network. According to Oracle, 6u32 is up-to-date and not in any way vulnerable. Due to compatibility issues, we have absolutely no plans to deploy Java 7 at this time. The helpdesk is _not_ amused.

    1. Jorge Villalobos wrote on ::

      Can you give us the Java plugin information you see in about:plugins? Don’t include the MIME Type table.

    2. astro nut wrote on :

      Jay, I feel your pain….FF and Sun Java have combined to make me waste almost two full days trying to get them to play nice together….to say I’m PO’d doesn’t come close to it! I use multiple websites that require the JRE runtime environment, TD Ameritrade’s real time stock streamer being the most important.

      Yesterday morning things went haywire – won’t bother to list everything I tried, but here are a few:

      1. Upgraded from FF 3.6.10 (stable since forever) to 3.6.26 – no joy.
      2. Uninstalled all Java versions using Revo Uninstaller’s full blown “erase all tracks” option (it didn’t),
      3. installed the latest and greatest (HAH!) version of Java, 7.4, immediately upon launching the streamer app FF crashed, not a freeze, it shut down. As is every time I tried, despite disabling various Java options.
      4. Wiped the drive of V7.4, used JavaRe to remove all traces of old versions (it didn’t), rebooted, reinstalled JRE V6.10.30 – no joy, stock charts missing all kinds of data, although FF wasn’t crashing anymore.
      5. Uninstalled that version, used RegScanner to find every mention of Java including Javasoft <== most folks miss this one, and deleted them.
      6. Used a registry tweaker to find all messed up reg entries, ones I may have missed in my manual search. Rebooted again.
      7. Finally did a 100% clean install of JRE6.10.32 and got my life back.

      This is insanity at it's worst! Oh, forgot to mention one thing – after checking to make sure the req'd plug-ins and extensions were there for Java to run properly, I noticed the

      "Classic Java Plug-in 1.6.0_32 for Netscape and Mozilla has been Disabled for your protection."

      blurb, which how I ended up here – that warning/disabled bit wasn't there prior to today, and clicking on the "learn more" link shows:

      "Who is affected?
      All Firefox users who have installed the Java plugin, JRE versions below 1.6.0_31 or between 1.7.0 and 1.7.0_2."

      Which my version is decidedly NOT. WTF? (sorry 'bout the mismatched bass-ackwards Java versions reported by Sun and Mozilla, just another annoying/frustrating issue we all need to deal with)

  9. norm wrote on :

    Yeah. I’m running OS X 10.6 and I just installed FF 12, which is otherwise fine. You say my installed Java RE is unsafe and disable it, and that Apple has an upgrade. They don’t. There is no Java upgrade available when I look at Software Update.

    1. Jorge Villalobos wrote on ::

      Which version of the Java plugin do you have now? Can you paste your details from about:plugins (without the MIME type stuff)?

  10. william wrote on :

    all of u with mac os 10.5.8 please take a look at the little gems that apple installed on ur computer in the may software update and u will see the root of all ur problems. i do not remember exactly where or what since i am but a novice. all i kno is that im on beta 14 and java works fine now, once i removed two apple commands that essentially disabled, but not removed, java. this is all the info i have.

  11. Rob wrote on :

    I’m using Mac OS X 10.6.8 and Firefox 13 with the latest JAVA update from Apple (1.6.0_33-b03-424) installed yesterday. According to the JAVA control panel, applet plugins are activated. With Safari, I can use JAVA applets. With Firefox, I can’t. I restarted Firefox, but it didn’t change anything. Until yesterday, everything worked fine with Firefox.

    The plugin check page

    https://www.mozilla.org/en-US/plugincheck/

    says “For your safety, Firefox has disabled your outdated version of Java.”

    Outdated? Are you kidding me? The JAVA plugin doesn’t even show up in the Plugins section in Add-On Manager.

    With Safari, it says

    “Version: JAVA SE 6 Update 33
    OS: Mac OS X 10.6.8
    Architecture: x86_64″

    1. Rachel wrote on ::

      I have exactly the same issue. The above replies seem to indicate that I should be able to enable Java in the plugins section of the add-ons manager, but there is nothing related to Java listed in the plug-ins.

    2. Rachel wrote on ::

      Rob, I stumbled across the solution to this problem. Here you go:

      In the Firefox menu, I chose Help>Troubleshooting Information, and clicked “Show in Finder” under Application Basics. I then quit Firefox, clicked on the Profile folder, deleted the file “pluginreg.dat”, and restarted Firefox. Java now shows up among my plugins, and is enabled by default. The failure of pluginreg.dat to update automatically was supposed to be an old Firefox problem that has been solved, but apparently that is not always the case.

      1. Rob wrote on :

        Yes, this solves the problem for me. Thank you so much!

      2. TJ wrote on :

        Had the exact same annoying problem, solved with this as well. Thank you!

      3. SteveE wrote on :

        Also wanted to say thanks; stopping FireFox, deleting pluginreg.dat, and restarting FF made the Java plugin magically reappear and be enabled :) (FireFox 13.0.1 on OSX 10.6.8)

        1. Bruce wrote on :

          Rob –

          Thanks so much for posting this. I thought I was going crazy with a mobius loop of Mac > Firefox > Java help pages all pointing to each other!
          (FireFox 13.0.1 on OSX 10.6.8)
          Glad I did not have to update OS to solve the issue.

      4. AndyW wrote on :

        Thank you for this information. I have been pulling my hair out for days every since I updated Java on my Mac to 1.6.0_33.
        (FireFox 14.0.1 on OSX 10.6.8).
        Deleting the file fixed it for me.

  12. Martin wrote on ::

    I’m finding that FF 10.0.5 ESR on Win7 is blocking 6u33 because it’s outdated but doesn’t block 6u31? Wonder if some regex somewhere has an error in it?

  13. Eric wrote on :

    A block message points to a page that says who’s affected: “All Firefox users who have installed the Java plugin, JRE versions below 1.6.0_31 or between 1.7.0 and 1.7.0_2.”

    However, the plug-in that is claimed to be newly blocked is Java Plug-in 2 for NPAPI Browsers 13.7.0″, which is of course much higher than 1.7.0. Furthermore, though I’ve been using FF daily (now 13.0), the block message just popped up now, in August.

    If only it made more sense than Mozilla proclaiming a major upgrade every two months …

    1. Jorge Villalobos wrote on ::

      There’s a new block that covers more recent versions of Java.

  14. Jen wrote on :

    I have MAC OS X 10.5.8. I did a software update but it says there are no updates available at all, including Java… and what do I do?

    1. Jorge Villalobos wrote on ::

      You should be able to enable the plugin again in the Add-ons Manager, in the Plugins pane.

      1. Jen wrote on :

        Yeah I can, but it says that it’s being blocked for my protection because there’s stability and security issues…

        1. Jorge Villalobos wrote on ::

          You can uncheck the checkbox that says “Disable” and then it won’t be disabled. Unfortunately, 10.5 users don’t have a good upgrade path. You might want to try downloading Java from java.com. They could have a 10.5 compatible version that is not vulnerable to known attacks.

  15. delfosse françoise wrote on ::

    java plug-in 2 for NPAPI BROwSERS A ÉTÉ BLOQUÉ: je ne peux plus faire la déclaration modèle 210 a agenciatributaria.gob.es
    ceci pour des raisons de sécurité
    que dois-je faire?

    SI VOUS AVEZ UNE SOLUTION, RÉPONDEZ-MOI EN FRANçAIS OU EN ESPAGNOL

    MON ORDINATEUR EST MAC OS X version 10.5.8

    merci

  16. Laura wrote on :

    I have a fairly new Mac Book Pro and have been using Java for a games site. Tonight, I couldn’t access the games and this message came up:
    The version of “Java” on your system does not include the latest security updates and has been blocked. To continue using “Java”, download an updated version from Oracle’s website.

    I have downloaded the version from Oracle, however I am still getting the same message coming up.

    Just wondered whether you had any suggestions at all?

    Thanks in advance.

    1. Jorge Villalobos wrote on ::

      Have you changed any settings in your browser? It’s possible that you’re getting the blocklist data from our test server and not our production server. To fix it, you need to open about:config, look for extensions.blocklist.url and reset it. In any case, we are planning on blocking all versions of Java later today, because of a serious security vulnerability that affects the latest versions.

      1. Dennis wrote on :

        Hola Jorge,

        Any idea when firefox will be enabling java again?

        Can’t access my netbank or anything else working with nem-id (Danish access system used by all public institutions).

        I believe it’s got something to do with me being a Mac user aswell. I have mountain lion and all my plugins are up to date.

        Any workaround this?

        Thanks

        Dennis from Denmark

        1. Jorge Villalobos wrote on ::

          The latest versions of the Java plugin (Java 7 updates 12 and 13) aren’t blocked, so just updating should be sufficient. If your system doesn’t support updating to those versions, then you need to enable the plugin the Add-ons Manager and use it at your own risk.

  17. Laura wrote on :

    I just went on your plug in page, and it says there that my Java is up to date.