{"id":789,"date":"2012-08-28T10:00:15","date_gmt":"2012-08-28T17:00:15","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=789"},"modified":"2012-08-31T10:23:53","modified_gmt":"2012-08-31T17:23:53","slug":"protecting-users-against-java-security-vulnerability","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/","title":{"rendered":"Protecting Users Against Java Security Vulnerability"},"content":{"rendered":"<p><em>Update &#8211; Aug 31, 2012<\/em><\/p>\n<p>Yesterday Oracle released a patch for the critical vulnerabilities identified within Java.<\/p>\n<p>Visit the Mozilla Plugin Check webpage to find out if your Java plugin needs to be updated:<br \/>\n<a href=\"http:\/\/www.mozilla.org\/plugincheck\/\">https:\/\/www.mozilla.org\/plugincheck\/<\/a><\/p>\n<p>Additional information from Oracle can be found here:<br \/>\n<a href=\"https:\/\/blogs.oracle.com\/security\/entry\/security_alert_for_cve_20121\">https:\/\/blogs.oracle.com\/security\/entry\/security_alert_for_cve_20121<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><em>Update &#8211; Aug 29, 2012:<\/em><\/p>\n<p>We\u2019ve been closely monitoring the recent Java security vulnerability and evaluating different options to best protect our users.<\/p>\n<p>Our goal is to provide protection to Firefox users against this actively exploited vulnerability in Java while also leaving the user in control so they can choose to allow Java on important sites that they trust.<\/p>\n<p>We are still working out the implementation details, but our solution will accomplish two primary objectives:<\/p>\n<ol>\n<li>By default, vulnerable versions of Java will be disabled for our Firefox users.<\/li>\n<li>Users will be provided the option to enable Java through a clear and visible message that will be displayed anytime the user views a page using Java.<\/li>\n<\/ol>\n<p>We\u2019ll provide additional updates when items are finalized. In the interim, we still advise users to disable the Java plugin as described below.<\/p>\n<p>Lastly, starting this week in Aurora and Beta we&#8217;ll begin adding the components of click-to-play, a Firefox security control that helps protect users against outdated and vulnerable plugins. We anticipate this new security feature to be fully operational by Firefox 18.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Original Post Aug 28, 2012<\/em><\/p>\n<p><strong>Issue<\/strong><\/p>\n<p>Mozilla is aware of a security vulnerability (<a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2012-4681\">CVE-2012-4681<\/a>)\u00a0in the current version of Java 7 (version 1.7, updates 0 through 6) that is being actively exploited to compromise users. Firefox users may be vulnerable to this issue if they are running the Java plugin within their browser.<\/p>\n<p><strong>Impact to Users<\/strong><\/p>\n<p>An attacker could exploit this vulnerability to download and execute malware on to a user&#8217;s machine.<\/p>\n<p>We have received reports of this vulnerability being actively used in targeted attacks and the malicious exploit code is also available in common exploit kits indicating the number of attacks may increase.<\/p>\n<p><strong>Status<\/strong><\/p>\n<p>At this time there is no patch available from Oracle to address the vulnerability within Java. We recommend that users disable the Java plugin within Firefox to ensure they are protected against this vulnerability.<\/p>\n<p>Steps to disable the Java plugin can be found here:<br \/>\n<a title=\"How to turn off Java applets\" href=\"http:\/\/support.mozilla.org\/kb\/How+to+turn+off+Java+applets\">http:\/\/support.mozilla.org\/kb\/How+to+turn+off+Java+applets<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update &#8211; Aug 31, 2012 Yesterday Oracle released a patch for the critical vulnerabilities identified within Java. Visit the Mozilla Plugin Check webpage to find out if your Java plugin &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/\">Read more<\/a><\/p>\n","protected":false},"author":1438,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,71,69],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Protecting Users Against Java Security Vulnerability - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"mozilla\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/\",\"name\":\"Protecting Users Against Java Security Vulnerability - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2012-08-28T17:00:15+00:00\",\"dateModified\":\"2012-08-31T17:23:53+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Protecting Users Against Java Security Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\",\"name\":\"mozilla\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/98138a294cb6e19a68b02ef8ca9be2dc\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g\",\"caption\":\"mozilla\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Protecting Users Against Java Security Vulnerability - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/","twitter_misc":{"Written by":"mozilla","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/","url":"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/","name":"Protecting Users Against Java Security Vulnerability - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2012-08-28T17:00:15+00:00","dateModified":"2012-08-31T17:23:53+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2012\/08\/28\/protecting-users-against-java-security-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Protecting Users Against Java Security Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9","name":"mozilla","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/98138a294cb6e19a68b02ef8ca9be2dc","url":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g","caption":"mozilla"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/789"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1438"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=789"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/789\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=789"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}