Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why is the Java 8.0.25 plugin after 7.0.67 vulnerable too?

more options

There is very common in the section of the plugins, in the AddOn menu, the message that the java plugin is vulnerable an it is to be used with caution. Now in 8.0.25 again. What does it means? Is there or will be there a solution for that? Is NoScript in this case useful, or another security option?

Thanks!

There is very common in the section of the plugins, in the AddOn menu, the message that the java plugin is vulnerable an it is to be used with caution. Now in 8.0.25 again. What does it means? Is there or will be there a solution for that? Is NoScript in this case useful, or another security option? Thanks!

Chosen solution

It seems that Oracle refuses to fix the vulnerabilities in Java Deployment Toolkit plugin, thus every new version that Oracle releases is marked as vulnerable.

http://www.java.com/en/download/help/firefox_java.xml

https://www.java.com/en/download/faq/deployment_toolkit.xml For the average internet user the Deployment Toolkit isn't needed. Typically it is used by "in house" applications on company intranets that use Oracle software (which tend to use very old versions of Java) and by developers of Java applications.

Read this answer in context 👍 2

All Replies (6)

more options

Which Java Plugin are you referring to?

The Java Deployment Toolkit? Or the Java Platform'?

more options

The Java Deployment Toolkit is meant :) It's what Firefox is saying in the plugin section in Addons

Modified by hittman

more options

I answered beneath :)

more options

Chosen Solution

It seems that Oracle refuses to fix the vulnerabilities in Java Deployment Toolkit plugin, thus every new version that Oracle releases is marked as vulnerable.

http://www.java.com/en/download/help/firefox_java.xml

https://www.java.com/en/download/faq/deployment_toolkit.xml For the average internet user the Deployment Toolkit isn't needed. Typically it is used by "in house" applications on company intranets that use Oracle software (which tend to use very old versions of Java) and by developers of Java applications.

more options

Thanks, so in this case, while I'm not using it - will it be ok to disable it or to change to "Never activate" ? Thanks!

more options

Yes - disabling it is ok.