X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

This thread was closed and archived. Please ask a new question if you need help.

FF blocks Java 7 update 45. Why? Explanation regards 7U11.

Posted

Have installed Java 7 update 45. Have both 32- and 64-bit versions installed from Oracle website.

Works in Chrome.

Firefox 24.0 displays error message stating that the Java plugin has known vulnerabilities.

On the support page there is a link to this explanation from January 2013 which regards Java 7 update 11. https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/

Does anyone have a permanent fix and preferably an explanation for this?

I know how to allow Java to run once as well as always on a specific site https://support.mozilla.org/en-US/kb/how-to-enable-java-if-its-been-blocked

What I'm wondering is why Firefox still blocks Java per default when Java has been updated many times since the explanation was written.

Thanks a bunch!

Chosen solution

hello mort3n, from now on all versions of the java plugin (also the nominally most current ones) will be considered vulnerable by firefox and blocked per default. that's because of oracle's poor security record in the past, like sitting on unfixed vulnerabilities for months...

Read this answer in context 38

Additional System Details

Installed Plug-ins

  • Next Generation Java Plug-in 10.45.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Shockwave Flash 11.9 r900
  • 5.1.20913.0
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.8
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • iTunes Detector Plug-in
  • Sony Reader Application Detector Plugin
  • npFFApi
  • CANON iMAGE GATEWAY Album Plugin Utility Module for IJ

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

More Information

philipp
  • Top 10 Contributor
  • Moderator
2054 solutions 8922 answers

Chosen Solution

hello mort3n, from now on all versions of the java plugin (also the nominally most current ones) will be considered vulnerable by firefox and blocked per default. that's because of oracle's poor security record in the past, like sitting on unfixed vulnerabilities for months...

Modified by philipp

Helpful Reply

hi philipp Thanks for your answer.

That infomation should be on the Firefox support page or even right in the browser error messages to avoid users spending time trying to solve a problem that cannot be solved.

Thanks again.

philipp
  • Top 10 Contributor
  • Moderator
2054 solutions 8922 answers

thanks for the feedback, i'll see if we can get that updated information into the support articles quickly.

lemsx1 0 solutions 2 answers

Helpful Reply

Although I like this idea, you (Firefox dev) still need to provide a way to enable the plugin regardless.

I have already encountered 2 cases which break the user experience without giving an option to activate the plugin: 1. you're using Raritan for out-of-band management of computers 2. you're using HP iLO for out-of-band management of computers

in both cases Firefox does not present me with an option to enable Java. HP iLO uses javascript to call the applet. Raritan calls the applet from some other frame on login, and who knows what the applets are doing in the background.

I can't tell HP or any other vendor to switch their code to something else. Firefox should give me an option to enable Java or I'll have to switch to another browser. At that point, what's the use for Firefox? I can simply stay on the other browser forever.

The way this is currently implemented is breaking things. Fix it.

philipp
  • Top 10 Contributor
  • Moderator
2054 solutions 8922 answers

hello lemsx just to avoid any misconceptions - we volunteers here in the support forums are mainly users like you (developers won't read here), so we cannot directly influence those decisions or changes.

the blocking is to be reverted in the meantime anyway because there have been bugs found on other webpages where the interface to activate the plugin momentarily wasn't shown properly. if you have other examples of sites where click-to-play is not working correctly, please file a bug at bugzilla.mozilla.org like it is requested at https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c50, so it can be taken care of properly in a future version of the blocklisting. thank you!

lemsx1 0 solutions 2 answers

Philipp,

Thanks for the response... I realize now that the option to re-enable the plugin is shown if the toolbar for the address is shown. This is not the case for all users, one can simply deactivate all the toolbars (as I do since I use Vimperator extension).

That said, after reading through the documentation I was able to noticed that their is a new way to activate plugins which is only shown on the address bar!

On your note, developers should be reading these forums to get a feel for how good or bad they are breaking things for us the users. However, you're right and I should just file a bugzilla bug. Thanks

dcmccabe 0 solutions 4 answers

How can I get Java(TM) Platform SE 7 U45 10.45.2.18 back into my Add-on's. It is missing from my Add-on list. I cannot find it to download. I have reinstalled Firefox, all to no avail. I have it on my laptop and Java works when I turn it on. Any suggestions

Curmudgeon3 0 solutions 2 answers

I can't get Java to work for the following: http://jesnetplus.com/~rickynumber24/pq.html

My Java plug-in is set to "Ask to activate". Clicking on the little battery widget in the address bar shows

"Java(TM) Platform SE 7 U" is enabled on jesnetplus.com

However, I only get a pop-up with

Application Blocked. Click for details Your security settings have blocked an untrusted application from running.

Clicking on the "Details" button just brings up the Java Console: Java Plug-in 10.51.2.13

Clicking on either "Ignore" or "Reload" does nothing.

So I have two questions: 1) How do I get the details that really tell me what's blocking this applet? 2) How do I un-block the applet?

philipp
  • Top 10 Contributor
  • Moderator
2054 solutions 8922 answers

hello Curmudgeon3, your issue with java 7 U51 is a separate one than originally discussed here. the message you were referring to isn't coming from firefox but from the java plugin itself - please refer to oracle's documentation: http://www.java.com/en/download/help/appsecuritydialogs.xml

thank you!