{"id":912,"date":"2013-01-11T09:30:16","date_gmt":"2013-01-11T17:30:16","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=912"},"modified":"2013-01-18T09:40:54","modified_gmt":"2013-01-18T17:40:54","slug":"protecting-users-against-java-vulnerability","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/","title":{"rendered":"Protecting Users Against Java Vulnerability"},"content":{"rendered":"
Update – January 18, 2013<\/strong><\/div>\n
Mozilla is extending Click to Play for Java 7u11 due to reports of exploit code available for 7u11 and information that all elements of the original Java bug have not been fully addressed by Oracle in the 7u11 patch.<\/p>\n<\/div>\n
Update – January 13, 2013<\/strong><\/div>\n
\n

Oracle has released an update to address this vulnerability. Read more here<\/a> and download updates here<\/a>.<\/p>\n<\/div>\n

Issue<\/b><\/div>\n
\n

Mozilla is aware of a security vulnerability in the current version of Java (Java 7 Update 10) that is being actively exploited and affects any browser using the Java plugin. Firefox users may be vulnerable to this issue if they have the Java plugin installed in their browser. Information on how to check which plugins are installed can be found here<\/a>.<\/p>\n<\/div>\n

Impact <\/b>
\nAn attacker could exploit this vulnerability to execute malicious software on a victim\u2019s machine. This vulnerability is being actively used in attacks and the malicious exploit code is also available in common exploit kits.<\/p>\n

Status<\/b><\/div>\n
\n

There is no patch currently available for this issue from Oracle.<\/del> To protect Firefox users we have enabled Click To Play<\/a> for recent versions of Java on all platforms (Java 7u9, 7u10, 6u37, 6u38). Firefox users with older versions of Java are already protected by existing plugin blocking or Click To Play defenses.<\/p>\n<\/div>\n

The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click To Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site.<\/div>\n

 <\/p>\n

\"\"Demo screenshot of Click To Play<\/div>\n

 <\/p>\n

Additional Information<\/b><\/div>\n
\n

We encourage users to always keep plugins up to date. Visit the plugin check website<\/a>\u00a0to update plugins now.<\/p>\n<\/div>\n

\n

Information to fully disable the Java plugin can be found at the following page: http:\/\/support.mozilla.org\/kb\/How to turn off Java applets<\/a><\/p>\n<\/div>\n

 <\/p>\n

Michael Coates
\nDirector of Security Assurance<\/div>\n","protected":false},"excerpt":{"rendered":"

Update – January 18, 2013 Mozilla is extending Click to Play for Java 7u11 due to reports of exploit code available for 7u11 and information that all elements of the … Read more<\/a><\/p>\n","protected":false},"author":1438,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71,69],"tags":[],"coauthors":[],"yoast_head":"\nProtecting Users Against Java Vulnerability - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"mozilla\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/\",\"name\":\"Protecting Users Against Java Vulnerability - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2012\/10\/ctp-in-action1-600x478.png\",\"datePublished\":\"2013-01-11T17:30:16+00:00\",\"dateModified\":\"2013-01-18T17:40:54+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/security\/files\/2012\/10\/ctp-in-action1.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2012\/10\/ctp-in-action1.png\",\"width\":\"952\",\"height\":\"759\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Protecting Users Against Java Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\",\"name\":\"mozilla\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/98138a294cb6e19a68b02ef8ca9be2dc\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g\",\"caption\":\"mozilla\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Protecting Users Against Java Vulnerability - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/","twitter_misc":{"Written by":"mozilla","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/","url":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/","name":"Protecting Users Against Java Vulnerability - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/security\/files\/2012\/10\/ctp-in-action1-600x478.png","datePublished":"2013-01-11T17:30:16+00:00","dateModified":"2013-01-18T17:40:54+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#primaryimage","url":"https:\/\/blog.mozilla.org\/security\/files\/2012\/10\/ctp-in-action1.png","contentUrl":"https:\/\/blog.mozilla.org\/security\/files\/2012\/10\/ctp-in-action1.png","width":"952","height":"759"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2013\/01\/11\/protecting-users-against-java-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Protecting Users Against Java Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9","name":"mozilla","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/98138a294cb6e19a68b02ef8ca9be2dc","url":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g","caption":"mozilla"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/912"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1438"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=912"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/912\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=912"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}