Categories: end users

Protecting Users Against Java Vulnerability

As explained on this post in the Mozilla Security Blog, all versions of the Java plugin are vulnerable to a security bug that could compromise users’ systems. Because of this, all versions of the Java plugin will be blocked in Firefox 17 and above.

This is a click-to-play block, meaning that the plugin will be disabled by default, but you will be prompted if you visit a site that has a Java applet, giving you the option to enable it for that session, or always enable it for that site.

We recommend that you visit our plugin check page frequently, in case an update for the Java plugin becomes available soon.

6 comments on “Protecting Users Against Java Vulnerability”

  1. Daniel Serodio wrote on

    I’ve just updated Java (JDK) to 1.7.0_11 and restarted Firefox, but it’s still showing the installed plugin version as “Java 7 Update 10”. What can I do to make Firefox realize I’ve got an updated plugin?

    I’m on OS X 10.8.2

    1. Jorge Villalobos wrote on

      Try restarting Firefox. If that doesn’t help, close Firefox, locate your profile folder and delete the file named pluginreg.dat (don’t worry, Firefox will regenerate it when it starts). Then start Firefox again.

      1. LarkB wrote on

        This did not work for me. I have Java completely uninstalled, as well as Silverlight, but when I deleted the pluginreg.dat file and restarted Firefox, the Java and Silverlight plugins were still there but this time, not grayed out/disabled.

        From what I have been able to ascertain, the only ways to get rid of them include making a new profile and/or completely uninstalling Firefox including the user profile and reinstalling, not exactly an ideal “fix”, imo.

        1. Jorge Villalobos wrote on

          Without Java or Silverlight, the plugins should not be listed at all. The plugin files should have disappeared after uninstalling, and that’s what Firefox uses to determine if the plugins are there or not. So, if they files are missing and the plugins are still listed in the Add-ons Manager, then it’s a Firefox bug and the only problem is the minor inconvenience of having the plugins listed there when they’re really not there. The most likely issue, though, is that you haven’t fully uninstalled Java or Silverlight and that’s why the plugins continue to show up.

          1. LarkB wrote on

            It’s definitely a bug. I had uninstalled Java back in October (v7.9) from Control Panel>Programs as well as Silverlight. I used OTL by oldtimer to remove the associated Java/Silverlight entries that were showing for Firefox and then they were gone. I don’t know if it was simply a bug with those versions of the plugins or what, but using Programs>Uninstall did not remove them from Firefox.

  2. LarkB wrote on

    Since your blog is moderated, I can’t remember if I included this or not, but when I toggled plugin.expose_full_path to true, and went to about:plugins, the only items showing were VLC Media Player and Flash. I did download JavaRa and it did remove several registry entries, but after closing Firefox, rebooting, and restarting Firefox, the plug ins were still there (grayed out/disabled). After removing these items with OTL, they were gone:

    FF – HKLM\Software\MozillaPlugins\,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll File not found
    FF – HKLM\Software\MozillaPlugins\,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF – HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll File not found

    I did go to C:\Program Files (x86) and deleted the Java folder inside as well. Again, Java had already been removed via Control Panel>Programs and Features (Windows 7-64bit, FX 18.1) but that folder remained behind. Perhaps that had something to do with it as well.