FF blocks Java 7 update 45. Why? Explanation regards 7U11.
Have installed Java 7 update 45. Have both 32- and 64-bit versions installed from Oracle website.
Works in Chrome.
Firefox 24.0 displays error message stating that the Java plugin has known vulnerabilities.
On the support page there is a link to this explanation from January 2013 which regards Java 7 update 11. https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/
Does anyone have a permanent fix and preferably an explanation for this?
I know how to allow Java to run once as well as always on a specific site https://support.mozilla.org/en-US/kb/how-to-enable-java-if-its-been-blocked
What I'm wondering is why Firefox still blocks Java per default when Java has been updated many times since the explanation was written.
Thanks a bunch!
hello mort3n, from now on all versions of the java plugin (also the nominally most current ones) will be considered vulnerable by firefox and blocked per default. that's because of oracle's poor security record in the past, like sitting on unfixed vulnerabilities for months...Read this answer in context 38
Additional System Details
- Next Generation Java Plug-in 10.45.2 for Mozilla browsers
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Shockwave Flash 11.9 r900
- Adobe PDF Plug-In For Firefox and Netscape 10.1.8
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- iTunes Detector Plug-in
- Sony Reader Application Detector Plugin
- CANON iMAGE GATEWAY Album Plugin Utility Module for IJ
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
hello mort3n, from now on all versions of the java plugin (also the nominally most current ones) will be considered vulnerable by firefox and blocked per default. that's because of oracle's poor security record in the past, like sitting on unfixed vulnerabilities for months...
Modified by philipp
hi philipp Thanks for your answer.
That infomation should be on the Firefox support page or even right in the browser error messages to avoid users spending time trying to solve a problem that cannot be solved.
thanks for the feedback, i'll see if we can get that updated information into the support articles quickly.
Although I like this idea, you (Firefox dev) still need to provide a way to enable the plugin regardless.
I have already encountered 2 cases which break the user experience without giving an option to activate the plugin: 1. you're using Raritan for out-of-band management of computers 2. you're using HP iLO for out-of-band management of computers
I can't tell HP or any other vendor to switch their code to something else. Firefox should give me an option to enable Java or I'll have to switch to another browser. At that point, what's the use for Firefox? I can simply stay on the other browser forever.
The way this is currently implemented is breaking things. Fix it.
hello lemsx just to avoid any misconceptions - we volunteers here in the support forums are mainly users like you (developers won't read here), so we cannot directly influence those decisions or changes.
the blocking is to be reverted in the meantime anyway because there have been bugs found on other webpages where the interface to activate the plugin momentarily wasn't shown properly. if you have other examples of sites where click-to-play is not working correctly, please file a bug at bugzilla.mozilla.org like it is requested at https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c50, so it can be taken care of properly in a future version of the blocklisting. thank you!
Thanks for the response... I realize now that the option to re-enable the plugin is shown if the toolbar for the address is shown. This is not the case for all users, one can simply deactivate all the toolbars (as I do since I use Vimperator extension).
That said, after reading through the documentation I was able to noticed that their is a new way to activate plugins which is only shown on the address bar!
On your note, developers should be reading these forums to get a feel for how good or bad they are breaking things for us the users. However, you're right and I should just file a bugzilla bug. Thanks
How can I get Java(TM) Platform SE 7 U45 10.45.2.18 back into my Add-on's. It is missing from my Add-on list. I cannot find it to download. I have reinstalled Firefox, all to no avail. I have it on my laptop and Java works when I turn it on. Any suggestions
I can't get Java to work for the following: http://jesnetplus.com/~rickynumber24/pq.html
My Java plug-in is set to "Ask to activate". Clicking on the little battery widget in the address bar shows
"Java(TM) Platform SE 7 U" is enabled on jesnetplus.com
However, I only get a pop-up with
Application Blocked. Click for details Your security settings have blocked an untrusted application from running.
Clicking on the "Details" button just brings up the Java Console: Java Plug-in 10.51.2.13
Clicking on either "Ignore" or "Reload" does nothing.
So I have two questions: 1) How do I get the details that really tell me what's blocking this applet? 2) How do I un-block the applet?
hello Curmudgeon3, your issue with java 7 U51 is a separate one than originally discussed here. the message you were referring to isn't coming from firefox but from the java plugin itself - please refer to oracle's documentation: http://www.java.com/en/download/help/appsecuritydialogs.xml