Mozilla Add-ons Community Blog
Categories: end users

Java 7 Update 7 Blocked

22 responses

Jata 7 Update 7 is vulnerable to a critical security bug that could lead attackers to compromise the user’s system through the Java plugin. The vulnerability is currently being exploited, and is a serious risk to users. To mitigate this risk, we have added Java 7 Update 7 to the add-on blocklist. Update 6 and below had been blocklisted already due to other vulnerabilities.

Mozilla strongly encourages anyone who requires the Java JDK and JRE to update to the current version as soon as possible on all platforms.

Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied. If the block is accidentally accepted, the plugin can be enabled again in the Add-ons Manager, in the Plugins pane.

Updated versions of the JRE are available on java.com.

 

22 comments on “Java 7 Update 7 Blocked”

  1. Becca wrote on

    That isn’t working for me. I have Firefox 17 on Ubuntu 12.04LTS, on an AMD64 machine. I have Java v7 update 9, and Firefox has disabled it – and I can find no way to re-enable it. It doesn’t even show in the Addons page under Plugins, and every version of the jre that used to work – libjpnp2.so, libjavaplugin_oji.so – refuses to come up.

    1. Jorge Villalobos wrote on

      If it isn’t present in the plugins list, then something else is wrong. Blocklists just disable the plugin, and keep it on the list.

      1. Frank wrote on

        Java is still missing from the plug-ins after installing 7 update 9. Does Oracle need to add this to the Plug-ins or is there something we can do to get Java working again? I dislike having to use IE just to have Java work.

        1. Kirk wrote on

          I’m tired of all of the bugs that have been increasingly prevalent on Firefox. I’ve used it for years but I’m ready to change browsers.

  2. Jason Davey wrote on

    My users cannot use Java plugin Version 7 Update 9 on FireFox 16 AND 17. Rolling back to FF 15 is a workaround.

    1. Jorge Villalobos wrote on

      Do you see a block message? If you click on the more information link, where does it take you?

      1. David Cress wrote on

        I’m running Java 7_10 with Firefox 17.0.1 and get this error when I ask Firefox to check my plugins.

        “For your safety, Firefox has disabled your outdated version of Java. Please upgrade to the latest version.

      2. LiamC wrote on

        As David Cress, I also see this issue. I checked my plugins, was on Java7_9. Firefox indicated that it was out of data. Ran jucheck, which said that j7_10 was available. Downloaded it and install was successful. Firefox was closed before I updated. When I restarted Firefox, and checked plugins again, the java plugins were missing. Message on plugincheck page is

        Missing JAVA?

        For your safety, Firefox has disabled your outdated version of Java. Please upgrade to the latest version.

        Which is funny, because it is the latest. I had to re download the installer from Oracle.

        This has happened on three separate machines of mine. All were as described above.

  3. Sera McCauley wrote on

    So, it seems in the past day or two Firefox has decided to download JRE 7 Update 10 (at least this is what I’m guessing). I know this is an old post, but I positively cannot seem to get things to work anymore. My java worked fine yesterday, and today everything has broken. It either freezes or says ‘error, click here to view’ which…doesn’t lead to anything. I have tried installing and uninstalling older versions, and nothing seems to work. Even after installation, only the JDK seems to load, and the other option I used to have in my add-ons is gone..

  4. adrian wrote on

    hi
    java 7 update 10 not works/run in firefox 17.01 why?

  5. Alejandro wrote on

    Hello Jorge, I have a few questions regarding the new CTP Blocklist I wish I could solve. I understand that with the new version of Firefox (18) is going to block all versions of java with CTP Blocklist. My question is I have to start my website I have to have a specified version of java (u33) where my clients will get this new version of Firefox (18) will block until the java selected in the navigation bar firefox that allow this plugin to this site. But this permission is forever or in the future may be blocked without being able to use this version. The user can use this version of Java without being blocked but Firefox is updated

    1. Jorge Villalobos wrote on

      My understanding is that you will be able to enable the plugin version for that site indefinitely. So, if you updated the plugin to a new version that is also blocked, you would see the block again. Updating Firefox or updating to an unblocked version of the plugin shouldn’t change the state of the block on the site.

      1. Alejandro wrote on

        A better thanks. My clients can work with the Java version 6u33 although Firefox or CTP Blocklist is updated for having enabled this version (6u33) for that site.
        They should be at the latest version of Java but sometimes the latest versions give us problems we need to solve before they try them.
        If so I think a great solution Blocklist CTP.

        Best regards Alejandro

        1. Alejandro wrote on

          Jorge Goodnight. A few days ago a client with the Java version 6u35 give bar in firefox giving him permission forever to plugins to our website. And yesterday without firefox or java update will lock out again. It may or may not be. What happened

  6. Alejandro wrote on

    Hello Jorge.A few days ago a client with the Java version 6u35 give bar in firefox giving him permission forever to plugins to our website. And yesterday without firefox or java update will lock out again. It may or may not be. What happened

    1. Jorge Villalobos wrote on

      The block was updated yesterday to cover Java 7u11. I’m not sure if that’s related to your problem, though, given that you say it happened for Java 6u35. Let me know if you experience this again in the following days; this might merit filing a bug and looking into it.

  7. Thomas wrote on

    Hi, in my case, the problem persists: I updated Java today and Firefox immediately blocked it – not disabling. If I test Java on java.com, I got a question to activate this plugin, but on i. e. mapmyrun.com there is no question, I can´t see any tools nor the maps or something. So I sadly can´t use this site anymore.

    Same here as Kirk said: I know, the internet is not a secure place and I know, that not all errors are from Firefox, but I used Firefox for years, I love(d) this browser but in the last years, more and more bugs, problems, crashes etc. disturbed my internet experience. Only one thing let me still use this browser: The Japanese support (Rikaichan).

    But perhaps it may be the time to give another browser a chance…

    1. Thomas wrote on

      ah, I´ve forgot to mention, that there is no possibility to activate the plugin anyway.

      1. Jorge Villalobos wrote on

        Which version of Firefox are you using?

        1. Thomas wrote on

          Hi Jorge, thank you for answering. I am using Mozilla 18.0.1 on MS Windows 7 Pro SP1 32bit

          Curiously I can only deactivate the blocked plugin, there is no option to “deblock” the plug in.

          I tried to deinstall and install Java again with no effort. Registry seems to be ok. I found this article

          http://java.com/en/download/help/firefox_java.xml

          But this didn´t help.

          But this is really a bad thing (not mozillas fault!): Many services depend on java and internet user want to use them. In case of a security risc you should not use them but on not so rarely cases users need the services. If this happens in my company…

          So, although there is a security risc, users (as me) want to use this dangerous plugins, because there is no alternative (in spite of shut down the computers and go walking 😉 ) and they still want to use their services. This gives hackers all chances to distribute their “tools” and compromise foreign computers.

          In German we say, it´s a vicious circle…

          But: I want to decide, if I want to use a plug in or not.

          1. Jorge Villalobos wrote on

            So, Java is currently blocked as Click-to-Play. This means that the plugin is not disabled. You can keep it enabled if you want. However, what happens is that whenever you visit a page with an applet, you’ll see a message saying the plugin wasn’t loaded, and you need to click on it in order to load the plugin for that page. You should also see a little icon to the left of the URL bar, which has an option to enable Java for that entire site.

  8. April Monahan wrote on

    I think the problem is with JAVA, not Firefox. Evidently, the latest version of JAVA leaves users open to gross security risks, including open access to microphone and webcam on their computer! At least this is my understanding of the situation. ORACLE NEEDS TO FIX THIS IMMEDIATELY.