Java Deployment Toolkit 18.104.22.168 plug-in is blocked. It is still enabled, but FF is blocking it all the same. I now cannot view media on certain pages. Is there a fix? Are you going to offer a secure replacement?
Please check if all your plugins are up-to-date. To do this, go to the Mozilla Plugin Check site.
Once you're there, the site will check if all your plugins have the latest versions. If you see plugins in the list that have a yellow Update button or a red Update now button, please update these immediately.
To do so, please click each red or yellow button. Then you should see a site that allows you to download the latest version. Double-click the downloaded file to start the installation and follow the steps mentioned in the installation procedure.
Also refer to
What kind of media can you not view?
Please post a link to a page that does not require a login and describe the content on the page that you can not view. You can post a screenshot. After saving the screenshot to your hard drive, click the Browse button below the reply text box, navigate to the saved image and click it
Java Deployment Toolkit 22.214.171.124 is the most currently available version.
You should be able to view Java applets. The Deployment Toolkit is intended for those who edit Java applets or edit pages with Java applets.
Why it is being blocked (July 18, 2013) - https://addons.mozilla.org/en-US/firefox/blocked/p
It shouldn't be a problem if its blocked. I think the issue is elsewhere, in particular - download the latest Flash player:
http://get.adobe.com/flashplayer/ (uncheck the box to get McAfee when downloading)
If you use extensions (Firefox/Tools > Add-ons > Extensions) that can block content (e.g. Adblock Plus, NoScript, Flash Block, Ghostery) then make sure that such extensions aren't blocking content.
I've installed the latest version of Java and FIrefox. I note the Java Deployment Kit 7.0.400.43 is both shown as (a) up to date in the plugincheck but (b) vulnerable in addons. Is this _always_ vulnerable and, if so, why is the add-on installed by default? (I just did a fresh install of Firefox after completely wiping it and it's still there.)
Yes, the Java Deployment Toolkit is always labeled as vulnerable, and is automatically set to Never Activate.
Oracle still needs to fix the vulnerabilities with that plugin.
That plugin is mainly needed by Java Developers. Average users shouldn't need that plugin for anything on the web, but some private or institutional intranets may need that plugin for certain applications. In those cases the user can select Ask to activate in the Add-ons Manager > Plugins tab
In all fairness, Java is the most annoying, piece-of-shit software on the entire internet. 99% of programs for web and filesharing need it, but it's so full of holes that swiss cheese would probably be more secure... worse, nobody wants the hassle of inventing something better.
Java is a total disgrace.
I understand the the FF team want users to be secure-by-default but I need to use this plugin and hence need this set this to always enable (As the ask to enable setting breaks JDT auto-detection)
Surely there is some way but bypass this advisory.
EDIT: Found it (Though all the help on this topic is misleading)
Click on the lock (if an SSL enabled site) icon click "more information", select the permissions tab and finally tick "Java deployment toolkit" in the "Activate plugins" section
Thanks SilentMobius for an answer that works! One note: you can go to Tools -> Page Info -> Permissions, you do not need to click a lock on a secure site, and then More Information. That just brings up the Page Info box on the Security tab. Hopefully Mozilla FF won't decide to remove "bad" things from that permission list entirely, to prevent enabling.