This is a major security issue that's widely being exploited. The block is a softblock (you can re-enable in the add-ons manager, I think).
And hence the expected influx of people not having things working. Mostly games but also Danish banks (used for logins) and corporate intranet systems.
Depending on the version of Java you have, you may need to uninstall all existing instances of the Java runtime (from the control panel) and then reinstall from java.com
Ask here if you need more info.
This is a major security issue that's widely being exploited. The block is a softblock (you can re-enable in the add-ons manager, I think).
And hence the expected influx of people not having things working. Mostly games but also Danish banks (used for logins) and corporate intranet systems.
Depending on the version of Java you have, you may need to uninstall all existing instances of the Java runtime (from the control panel) and then reinstall from java.com
Ask here if you need more info.
And the mac update to java has an issue with the way they report version numbers so it's still blocked even though they've addressed the security hole.
And the mac update to java has an issue with the way they report version numbers so it's still blocked even though they've addressed the security hole.
Isn't the block on older Java versions Windows-only right now? Related bug:
Bug 739955 - [Windows] Blocklist vulnerable jre versions pre update 31 due to security issue
Isn't Mac blocklisting still pending?
Bug 741592 - [Mac] Blocklist vulnerable jre versions pre update 31 due to security issue).
Isn't the block on older Java versions Windows-only right now? Related bug:
*[https://bugzilla.mozilla.org/show_bug.cgi?id=739955 Bug 739955] - [Windows] Blocklist vulnerable jre versions pre update 31 due to security issue
Isn't Mac blocklisting still pending?
*[https://bugzilla.mozilla.org/show_bug.cgi?id=741592 Bug 741592] - [Mac] Blocklist vulnerable jre versions pre update 31 due to security issue).
And the hardblock thing has been fixed, but people may not see it until 24 hours from now. The intermediate fix is to delete blocklist.xul from the profile folder.
And the hardblock thing has been fixed, but people may not see it until 24 hours from now. The intermediate fix is to delete blocklist.xul from the profile folder.
Here's how I understand the issues along with some questions - maybe answered by the article Cww is working on:
For most Windows & Linux users, updating java will work as expected and they will be fine.
For Windows and Linux - if updating fails to work (I don't know what that means exactly), they will have to uninstall old versions of java first (via the control panel?) and then install the new java.
For Windows and Linux users that need to keep the old java, they will have to delete blocklist.xml from their profile. Tomorrow this won't be necessary.
Regardless of blocklist.xml - users that need to keep the old version of java have to know how to turn it on. Do they just click enable in the add-ons manager?
Mac users - I updated Java this morning but my plugin number didn't change. This is because of a mistake that Apple made. Not sure what to tell people about that.
Here's how I understand the issues along with some questions - maybe answered by the article Cww is working on:
#For most Windows & Linux users, updating java will work as expected and they will be fine.
#For Windows and Linux - if updating fails to work (I don't know what that means exactly), they will have to uninstall old versions of java first (via the control panel?) and then install the new java.
#For Windows and Linux users that need to keep the old java, they will have to delete blocklist.xml from their profile. Tomorrow this won't be necessary.
#Regardless of blocklist.xml - users that need to keep the old version of java have to know how to turn it on. Do they just click enable in the add-ons manager?
#Mac users - I updated Java this morning but my plugin number didn't change. This is because of a mistake that Apple made. Not sure what to tell people about that.
Yep. Mac blocklist hasn't rolled out because of the apple issue.
Updates are failing because if you have older than a certain version of java installed, the new install doesn't delete those old files or handle them correctly.
Users need to delete blocklist.xul and pluginreg.dat AND restart firefox.
And to enable java once we have the softblock rolled out, you just need to enable from the add-ons manager.
Lastly, please do not advise users to disable the blocklist altogether. It doesn't necessarily work and leaves them at risk.
Yep. Mac blocklist hasn't rolled out because of the apple issue.
Updates are failing because if you have older than a certain version of java installed, the new install doesn't delete those old files or handle them correctly.
Users need to delete blocklist.xul and pluginreg.dat AND restart firefox.
And to enable java once we have the softblock rolled out, you just need to enable from the add-ons manager.
Lastly, please do not advise users to disable the blocklist altogether. It doesn't necessarily work and leaves them at risk.
Can someone please review my update. I know that the markup on the lists is wonky and that we're not actually blocking mac yet (feel free to hide that section) but I think all the critical information is there.
https://support.mozilla.org/en-US/kb/java-plugin-blocked/history#preview
Can someone please review my update. I know that the markup on the lists is wonky and that we're not actually blocking mac yet (feel free to hide that section) but I think all the critical information is there.
''Cww [[#post-46050|said]]''
<blockquote>
https://support.mozilla.org/en-US/kb/java-plugin-blocked/history#preview
Can someone please review my update. I know that the markup on the lists is wonky and that we're not actually blocking mac yet (feel free to hide that section) but I think all the critical information is there.
</blockquote>
I fixed the markup and added templates. Then I changed the name to [[Unblocking the Java plugin]] and linked it from the warning on [[Using the Java plugin with Firefox]] and [[Latest Firefox issues]].
Lastly, please do not advise users to disable the blocklist altogether. It doesn't necessarily work and leaves them at risk.
Ok.
''Cww [[#post-46047|said]]''
<blockquote>
Lastly, please do not advise users to disable the blocklist altogether. It doesn't necessarily work and leaves them at risk.
</blockquote>
Ok.
Mac users - I updated Java this morning but my plugin number didn't change. This is because of a mistake that Apple made. Not sure what to tell people about that.
Your plugin number didn't change, where? In the Add-ons Manager tab?...or?
In my Add-ons Manager tab > Plugin, I see:
Java Plug-In 2 for NPAPI Browser 13.7.0
if I click on More > Last update March 27, 2012 (why March 27 if I updated yesterday April 4 ?)
If I run the Plugin Check, Java is Up to Date > Status/Version 1.6.0.31
If I go to Applications > Utility > Java Preferences > General I see: Java SE 6 Version 1.6.0_31-b04-413
If I go to System Preferences > Updates > Java for Mac OS X 10.6 Update 7 (version 7.0)
According to this page http://support.apple.com/kb/HT5228 it seems that my plugin version is correct.
So, why are you talking about a mistake by Apple? Cww reports an "Apple fix", why?
I'd like to understand if I need this "Apple fix" too, or if my Java plugin is ok.
Thanks in advance ;)
Hi Michael,
''Verdi [[#post-46046|said]]''
<blockquote>
Mac users - I updated Java this morning but my plugin number didn't change. This is because of a mistake that Apple made. Not sure what to tell people about that.
</blockquote>
Your plugin number didn't change, where? In the Add-ons Manager tab?...or?
I use a Mac OSX 10.6.8 Snow Leopard and
as I reported in this discussion https://support.mozilla.org/en-US/kb/Using%20the%20Java%20plugin%20with%20Firefox/discuss/2373#post-5214 , I updated Java yesterday via "Software update..."
In my Add-ons Manager tab > Plugin, I see:
Java Plug-In 2 for NPAPI Browser 13.7.0
if I click on More > Last update March 27, 2012 (why March 27 if I updated yesterday April 4 ?)
If I run the Plugin Check, Java is Up to Date > Status/Version 1.6.0.31
If I go to Applications > Utility > Java Preferences > General I see: Java SE 6 Version 1.6.0_31-b04-413
If I go to System Preferences > Updates > Java for Mac OS X 10.6 Update 7 (version 7.0)
According to this page http://support.apple.com/kb/HT5228 it seems that my plugin version is correct.
So, why are you talking about a mistake by Apple? Cww reports an "Apple fix", why?
I'd like to understand if I need this "Apple fix" too, or if my Java plugin is ok.
Thanks in advance ;)
Hmmm... might only be a problem for the Lion version of the update but when I look at Plugin check, I have it say I'm vulnerable. When I click the version test button next to Java Embedding Plugin 0.9.7.2, it gives me 1.6.0_29
Applications > Utility > Java Preferences > General has it correct though Java SE 6 Version 1.6.0_31-b04-413
Hmmm... might only be a problem for the Lion version of the update but when I look at Plugin check, I have it say I'm vulnerable. When I click the version test button next to Java Embedding Plugin 0.9.7.2, it gives me 1.6.0_29
Applications > Utility > Java Preferences > General has it correct though Java SE 6 Version 1.6.0_31-b04-413
''Cww [[#post-46063|said]]''
<blockquote>
Applications > Utility > Java Preferences > General has it correct though Java SE 6 Version 1.6.0_31-b04-413
</blockquote>
Yes I think it's a Lion thing. My Java Preference app says the same thing as Cheng's but my plugin says it was last updated in June 2011 and plugin check says I'm vulnerable. http://people.mozilla.org/~mverdi/screenshots/Add-ons_Manager-20120405-153233.jpg
Arrrr this is confusing and frustrating. Apple released a new Java update this morning (at least for Lion) and my Java Preference app now says Java SE 6 Version 1.6.0_31-b04-414 instead of 413 but my plugin is the same and plugin check still says its vulnerable.
Arrrr this is confusing and frustrating. Apple released a new Java update this morning (at least for Lion) and my Java Preference app now says Java SE 6 Version 1.6.0_31-b04-41'''4''' instead of 413 but my plugin is the same and plugin check still says its vulnerable.
Apple is linking to this article from the new http://support.apple.com/kb/HT5241 which is where they're sending users who want to disable Java. This really old article isn't the best place for that, we should either fix it up or redirect it somewhere (don't see a better one at first glance but didn't look hard).
Since Apple is now linking to the How to turn off Java applets article and it's way outdated, I updated the article and self-approved it. Mac OS X 10.5 users have no way to update Java to make it secure and the Java block is still not approved for Mac OS. I think How to turn off Java applets should be un-archived but I'll let an admin (Michael?) decide.
Copied from the [[How to turn off Java applets]] article discussion forum,
https://support.mozilla.org/kb/How%20to%20turn%20off%20Java%20applets/discuss/2379
''midnightaz said''
<blockquote>Apple is linking to this article from the new http://support.apple.com/kb/HT5241 which is where they're sending users who want to disable Java. This really old article isn't the best place for that, we should either fix it up or redirect it somewhere (don't see a better one at first glance but didn't look hard). </blockquote>
Since Apple is now linking to the [[How to turn off Java applets]] article and it's way outdated, I updated the article and self-approved it. Mac OS X 10.5 users have no way to update Java to make it secure and the Java block is still not approved for Mac OS. I think How to turn off Java applets should be un-archived but I'll let an admin (Michael?) decide.
Arrrr this is confusing and frustrating. Apple released a new Java update this morning (at least for Lion) and my Java Preference app now says Java SE 6 Version 1.6.0_31-b04-414 instead of 413 but my plugin is the same and plugin check still says its vulnerable.
For the record, the solution for the PluginCheck page still reporting the old, vulnerable Java version on Mac OS 10.7, even after updating Java, is to delete pluginreg.dat from the Firefox profile folder. Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=741592#c25
''Verdi [[#post-46071|said]]''
<blockquote>
Arrrr this is confusing and frustrating. Apple released a new Java update this morning (at least for Lion) and my Java Preference app now says Java SE 6 Version 1.6.0_31-b04-41'''4''' instead of 413 but my plugin is the same and plugin check still says its vulnerable.
</blockquote>
For the record, the solution for the [http://www.mozilla.com/en-US/plugincheck/ PluginCheck] page still reporting the old, vulnerable Java version on Mac OS 10.7, even after updating Java, is to delete pluginreg.dat from the Firefox profile folder. Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=741592#c25
This is coming up in the support forum:
*https://support.mozilla.org/en-US/questions/758946#answer-325094
P.S. There's another thread on this at MozillaZine:
*http://forums.mozillazine.org/viewtopic.php?f=38&t=2454083
