This forum is a discussion about improving the "How to allow Java on trusted sites" article. If you'd like to participate, please register.

If you need help with Firefox, please ask a question.

[Fx26] Java will be CTP by default (was: Status of CTP block for current Java versions)

  • 7 Replies
  • Last reply by AliceWyman
  1. AliceWyman 5189 posts
    Report Abuse

    I added this article to the "Need changes" list based on the possibility that the Java 7 U 45 block may be reverted. See https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c65 dated 10-22-2013

    Also need to review for Mac OS ... and change wording? Mac OS X 10.6 uses Java 6 which is still being updated by Apple. The latest Java 6 is not being blocked on Mac OS X 10.6. I tested it on an iMac running OS X 10.6.8 with the latest Java 6 update, installed via Apple's Software Update.

    An update to Java 6 version 1.6.0_65 was released by apple on Oct 15 2013 Ref: http://support.apple.com/kb/HT5946 (OS X 10.6) http://support.apple.com/kb/HT5945 (OS X 10.7 and above). OS X 10.7 and above may install and use either Java 6 from Apple or Java 7 from Oracle. * Ref: http://java.com/en/download/faq/java_mac.xml


    * EDIT:  
    

    http://support.apple.com/kb/HT5945 About Java for OS X 2013-005 dated Oct 15 2013 (which I linked earlier and should have read more carefully!) says,

    This release updates the Apple-provided system Java SE 6 to version 1.6.0_65 and is for OS X versions 10.7 or later. This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle. 
    

    See also http://javatester.org/index.htm which says,

    Oct. 17, 2013: OS X Snow Leopard (10.6) clarification: I have seen it reported twice on websites with many readers that Apple does not allow Java 6 to run applets (Java programs embedded in web pages, such as the Version page on this site). This is not true on OS X 10.6. It is true on OS X 10.7 and 10.8. I have personally verified that Java 6 Update 65 runs applets just fine on Snow Leopard.
    

    I also found http://support.apple.com/kb/HT5559 Java for OS X 2013-005: How to re-enable the Apple-provided Java SE 6 web plug-in and Web Start functionality. (It seems using the Java 6 plugin for Java applets on Mac OS X 10.7 and above is possible, but complicated.)

    I added this article to the "Need changes" list based on the possibility that the Java 7 U 45 block may be reverted. See https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c65 dated 10-22-2013 Also need to review for Mac OS ... and change wording? Mac OS X 10.6 uses Java 6 which is still being updated by Apple. The latest Java 6 is not being blocked on Mac OS X '''10.6'''. I tested it on an iMac running OS X 10.6.8 with the latest Java 6 update, installed via Apple's Software Update. An update to Java 6 version 1.6.0_65 was released by apple on Oct 15 2013 Ref: http://support.apple.com/kb/HT5946 (OS X 10.6) http://support.apple.com/kb/HT5945 (OS X 10.7 and above). OS X 10.7 and above may install and use either Java 6 from Apple or Java 7 from Oracle. * Ref: http://java.com/en/download/faq/java_mac.xml * '''EDIT:''' http://support.apple.com/kb/HT5945 ''About Java for OS X 2013-005'' dated Oct 15 2013 (which I linked earlier and should have read more carefully!) says, This release updates the Apple-provided system Java SE 6 to version 1.6.0_65 and is for OS X versions 10.7 or later. This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle. See also http://javatester.org/index.htm which says, Oct. 17, 2013: OS X Snow Leopard (10.6) clarification: I have seen it reported twice on websites with many readers that Apple does not allow Java 6 to run applets (Java programs embedded in web pages, such as the Version page on this site). This is not true on OS X 10.6. It is true on OS X 10.7 and 10.8. I have personally verified that Java 6 Update 65 runs applets just fine on Snow Leopard. I also found http://support.apple.com/kb/HT5559 ''Java for OS X 2013-005: How to re-enable the Apple-provided Java SE 6 web plug-in and Web Start functionality.'' (It seems using the Java 6 plugin for Java applets on Mac OS X 10.7 and above is possible, but complicated.)
    Modified by AliceWyman on
  2. AliceWyman 5189 posts
    Report Abuse

    Need to update this article since the blocks to current versions of Java will be removed. See https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c80


    Jorge Villalobos [:jorgev] 2013-10-23 08:40:43 PDT
    

    The blocks have been reverted. It'll take roughly a day or two for most systems to update their blocklists and have Java working again.

    Status: REOPENED → RESOLVED Resolution: --- → WONTFIX


    Need to update this article since the blocks to current versions of Java will be removed. See https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c80 ----- Jorge Villalobos [:jorgev] 2013-10-23 08:40:43 PDT The blocks have been reverted. It'll take roughly a day or two for most systems to update their blocklists and have Java working again. Status: REOPENED → RESOLVED Resolution: --- → WONTFIX ----
  3. philipp 1098 posts
    Report Abuse

    so just add back the intro we had before?: "In order to protect you, Firefox has stopped some versions of the Java plugin from running automatically because of security issues."

    so just add back the intro we had before?: "In order to protect you, Firefox has stopped '''some ''' versions of the Java plugin from running automatically because of security issues."
    Modified by philipp on
  4. AliceWyman 5189 posts
    Report Abuse

    The original intro would be OK:

    In order to protect you, Firefox has stopped some versions of the Java plugin from running automatically because of security issues. However, you can still use Java on trusted sites if necessary. We'll show you how.
    
    The original intro would be OK: In order to protect you, Firefox has stopped some versions of the Java plugin from running automatically because of security issues. However, you can still use Java on trusted sites if necessary. We'll show you how.
  5. cor-el 1198 posts
    Report Abuse
    See also https://groups.google.com/forum/?fromgroups=&hl=en#!topic/firefox-dev/WdHNwlV0bBk
  6. AliceWyman 5189 posts
    Report Abuse

    cor-el said

    See also https://groups.google.com/forum/?fromgroups=&hl=en#!topic/firefox-dev/WdHNwlV0bBk

    Thanks for the above link to the discussion, Status of click-to-play plugins in Firefox 24/26 started by Benjamin Smedberg on Oct 29.

    On whether or not current Java versions will be CTP blocked in the future, the answer is yes, eventually, along with other plugins. This is from the original bug that initiated the now reverted block for Firefox 24:

    https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c83


    Benjamin Smedberg [:bsmedberg] 2013-10-23 09:12:41 PDT
    
    We certainly will be making java CtP by default when the UI is fixed (along with all other plugins). Whether or not we want to use the scarier UI is still an open question.
    
    In any case, I don't think it makes sense to re-use this bug, given its size already. When we decide to re-block, I'll file a new bug and comment in this bug to link them up.
    

    See also this recent blog post, https://blog.mozilla.org/futurereleases/2013/09/24/plugin-activation-in-firefox/ Quote: The one plugin not affected by this change is Flash, which will remain enabled by default.

    I'm watching these open CTP bugs:

    • Bug 932446 - Vulnerable Click-to-activate in-content UI should look clickable
    • Bug 932854 - Consider showing a notification bar for hidden plugins
    ''cor-el [[#post-8976|said]]'' <blockquote> See also https://groups.google.com/forum/?fromgroups=&hl=en#!topic/firefox-dev/WdHNwlV0bBk </blockquote> Thanks for the above link to the discussion, Status of click-to-play plugins in Firefox 24/26 started by Benjamin Smedberg on Oct 29. On whether or not current Java versions will be CTP blocked in the future, the answer is yes, eventually, along with other plugins. This is from the original bug that initiated the now reverted block for Firefox 24: [https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c83] ----- Benjamin Smedberg [:bsmedberg] 2013-10-23 09:12:41 PDT We certainly will be making java CtP by default when the UI is fixed (along with all other plugins). Whether or not we want to use the scarier UI is still an open question. In any case, I don't think it makes sense to re-use this bug, given its size already. When we decide to re-block, I'll file a new bug and comment in this bug to link them up. ----- See also this recent blog post, https://blog.mozilla.org/futurereleases/2013/09/24/plugin-activation-in-firefox/ Quote: ''The one plugin not affected by this change is Flash, which will remain enabled by default.'' I'm watching these open CTP bugs: *[https://bugzilla.mozilla.org/show_bug.cgi?id=932446 Bug 932446] - Vulnerable Click-to-activate in-content UI should look clickable *[https://bugzilla.mozilla.org/show_bug.cgi?id=932854 Bug 932854] - Consider showing a notification bar for hidden plugins
  7. AliceWyman 5189 posts
    Report Abuse

    Looks like click-to-play will be the default action for all plugins except for Flash, in Firefox 26:

    http://www.mozilla.org/en-US/firefox/26.0beta/releasenotes/
    Quote: All plug-ins, with the exception of recent Flash plug-ins, are defaulted to 'click to play

    Bug 899080 - Make plugins default to click-to-play

    Looks like click-to-play will be the default action for all plugins except for Flash, in Firefox 26: http://www.mozilla.org/en-US/firefox/26.0beta/releasenotes/ <br>'''Quote:''' ''All plug-ins, with the exception of recent Flash plug-ins, are defaulted to 'click to play'' [https://bugzilla.mozilla.org/show_bug.cgi?id=899080 Bug 899080] - Make plugins default to click-to-play
  8. AliceWyman 5189 posts
    Report Abuse

    The Firefox 26 release notes at http://www.mozilla.org/firefox/26.0/releasenotes/ now say this:
    Quote: All Java plug-ins are defaulted to 'click to play'

    Reason for limiting click to play to Java by default given in Bug 941137 - Alter plugin defaults for beta/release until whitelist strategy is defined


    Benjamin Smedberg [:bsmedberg] 2013-11-20 11:04:06 PST
    
    For Fx26 and probably 27, we have decided to hold off turning on click-to-activate for all plugins. This will give Chad Weiner a chance to define a whitelisting strategy for plugin vendors who are making a transition to HTML5 technologies but need additional time to complete that transition. So for now, we're going to flip the plugin default state to activated, and explicitly change Java to be click-to-activate.
    
    The Firefox 26 release notes at http://www.mozilla.org/firefox/26.0/releasenotes/ now say this:<br> '''Quote:''' ''All Java plug-ins are defaulted to [https://blog.mozilla.org/futurereleases/2013/09/24/plugin-activation-in-firefox/ 'click to play']'' Reason for limiting click to play to Java by default given in [https://bugzilla.mozilla.org/show_bug.cgi?id=941137'' Bug 941137''] ''- Alter plugin defaults for beta/release until whitelist strategy is defined'' ----- Benjamin Smedberg [:bsmedberg] 2013-11-20 11:04:06 PST For Fx26 and probably 27, we have decided to hold off turning on click-to-activate for all plugins. This will give Chad Weiner a chance to define a whitelisting strategy for plugin vendors who are making a transition to HTML5 technologies but need additional time to complete that transition. So for now, we're going to flip the plugin default state to activated, and explicitly change Java to be click-to-activate.
    Modified by AliceWyman on