Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

Learn More

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

Why is Java Deployment Toolkit (click-to-play) blocked, also the referenced bug is closed and there are no security issues known in Version 7 U51?

  • 3 réponses
  • 26 ont ce problème
  • 61 vues
  • Dernière réponse par MG_DAU

MG_DAU
MG_DAU
more options

I think it is important to block unsecure addons. But if you do so there should be an open bug assigened. The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633

I have the problem that I want to use Secure_Auth that is using the Java Deployment Kit in such a nasty way (via javascript) that firefox doesn't see that the deployment kit should be started. Therefore I will not be asked to allow this plugin always for this web site. Since there is no documentation available how to do this configuration in a config file I am stuck at the moment.

I'm a liitle bit suprised that blocking all versions (even secure versions) is a way to get a good user experience.

Regards

Martin

I think it is important to block unsecure addons. But if you do so there should be an open bug assigened. The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633 I have the problem that I want to use Secure_Auth that is using the Java Deployment Kit in such a nasty way (via javascript) that firefox doesn't see that the deployment kit should be started. Therefore I will not be asked to allow this plugin always for this web site. Since there is no documentation available how to do this configuration in a config file I am stuck at the moment. I'm a liitle bit suprised that blocking all versions (even secure versions) is a way to get a good user experience. Regards Martin

Solution choisie

MG_DAU,

Why do you think that the problem is being caused by the Java Deployment Toolkit block, and not by Java itself? See http://www.java.com/en/download/faq/deployment_toolkit.xml and this document I found with a google search:

For general information on using Java on trusted sites, see:

Lire cette réponse dans son contexte 👍 3

Toutes les réponses (3)

Gingerbread Man
Gingerbread Man
more options

MG_DAU wrote: 

The referenced bug for this add-on is allready resolved so I do not know why this plugin is disabled. https://bugzilla.mozilla.org/show_bug.cgi?id=636633

That's a bug report in the Blocklisting component, meaning it's a request to add an add-on to the blocklist. The fact that it's marked as fixed means the add-on has been added to the blocklist.

Given that there's no way to disable Click-to-Play for this plug-in (the only options are Ask to Activate or Never Activate), if Firefox doesn't trigger a Click-to-Play prompt, I see no way to use it apart from disabling the entire blocklist. This carries a considerable security risk, as no plug-ins will be blocked or set to Click-to-Play, including known malware. If you're sure you want to go through with it, set extensions.blocklist.enabled to false in about:config.

AliceWyman
AliceWyman
  • Moderator
more options

Solution choisie

MG_DAU,

Why do you think that the problem is being caused by the Java Deployment Toolkit block, and not by Java itself? See http://www.java.com/en/download/faq/deployment_toolkit.xml and this document I found with a google search:

For general information on using Java on trusted sites, see:

MG_DAU
MG_DAU Auteur de la question
more options

Hi Alice,

thanks for your reply. Your answer is correct. Problem is linked to Java and not to the deployment toolkit.