Why is Java Deployment Toolkit (click-to-play) blocked, also the referenced bug is closed and there are no security issues known in Version 7 U51?
I think it is important to block unsecure addons. But if you do so there should be an open bug assigened. The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633
I have the problem that I want to use Secure_Auth that is using the Java Deployment Kit in such a nasty way (via javascript) that firefox doesn't see that the deployment kit should be started. Therefore I will not be asked to allow this plugin always for this web site. Since there is no documentation available how to do this configuration in a config file I am stuck at the moment.
I'm a liitle bit suprised that blocking all versions (even secure versions) is a way to get a good user experience.
Regards
Martin
Solution choisie
MG_DAU,
Why do you think that the problem is being caused by the Java Deployment Toolkit block, and not by Java itself? See http://www.java.com/en/download/faq/deployment_toolkit.xml and this document I found with a google search:
For general information on using Java on trusted sites, see:
Lire cette réponse dans son contexte 👍 3Toutes les réponses (3)
MG_DAU wrote:
The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633
That's a bug report in the Blocklisting component, meaning it's a request to add an add-on to the blocklist. The fact that it's marked as fixed means the add-on has been added to the blocklist.
- https://addons.mozilla.org/firefox/blocked/p428
- Add-ons that cause stability or security issues are put on a blocklist
Given that there's no way to disable Click-to-Play for this plug-in (the only options are Ask to Activate or Never Activate), if Firefox doesn't trigger a Click-to-Play prompt, I see no way to use it apart from disabling the entire blocklist. This carries a considerable security risk, as no plug-ins will be blocked or set to Click-to-Play, including known malware. If you're sure you want to go through with it, set extensions.blocklist.enabled to false in about:config.
Solution choisie
MG_DAU,
Why do you think that the problem is being caused by the Java Deployment Toolkit block, and not by Java itself? See http://www.java.com/en/download/faq/deployment_toolkit.xml and this document I found with a google search:
For general information on using Java on trusted sites, see:
Hi Alice,
thanks for your reply. Your answer is correct. Problem is linked to Java and not to the deployment toolkit.