Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why doesn't each 'page's info' adhere to the settings for the plug-ins?

more options

When I check my plugins, add ons, for updates, there are option blocks on the right that set whether or not to "Always Activate" or "Always Ask". My question is- -for every page that opens, there is a "page info" option we can check to see/check what is allowed or blocked under Permissions ... And* what the Permission 'settings' ARE for That* page. Why doesn't EVERY page display the Permissions' settings that we have Already set on the Plugins screen*(?). EVERY page has to have the permissions re-done for EVERY domain/server/site provider. Why* aren't the settings that are set on the Plugins screen Used* AS the 'Default' for every page/domain/site, etc.? Note*- if I DON'T change the permissions to "allow", for certain plugins, the page will not work*.

 Also, the "Java Deployment Toolkit 7.0.450.18  10.45.2.18" still* shows as "Vulnerable" After* updating (verified update*). So I found the option to 'Disable' this particular plugin. Now it displays at the bottom of the Plugin page, greyed out.  However*... after updating to Java "SE7 U45" (..for 1 [One*] day ONLY, it showed as Up-to-Date, NOT vulnerable, on every 'page info' screen*) ... and Actually, it Still Does show as Up-To-Date after an Update check*..(??)... But on EVERY page info screen the "Java(TM) Platform SE7 U--Vulnerable Plugin!"  is displayed (?).  How can it be Up-To-Date and OK on the plugin check screen,  but show as a "Vulnerable Plugin" on EVERY 'Page Info' screen?
When I check my plugins, add ons, for updates, there are option blocks on the right that set whether or not to "Always Activate" or "Always Ask". My question is- -for every page that opens, there is a "page info" option we can check to see/check what is allowed or blocked under Permissions ... And* what the Permission 'settings' ARE for That* page. Why doesn't EVERY page display the Permissions' settings that we have Already set on the Plugins screen*(?). EVERY page has to have the permissions re-done for EVERY domain/server/site provider. Why* aren't the settings that are set on the Plugins screen Used* AS the 'Default' for every page/domain/site, etc.? Note*- if I DON'T change the permissions to "allow", for certain plugins, the page will not work*. Also, the "Java Deployment Toolkit 7.0.450.18 10.45.2.18" still* shows as "Vulnerable" After* updating (verified update*). So I found the option to 'Disable' this particular plugin. Now it displays at the bottom of the Plugin page, greyed out. However*... after updating to Java "SE7 U45" (..for 1 [One*] day ONLY, it showed as Up-to-Date, NOT vulnerable, on every 'page info' screen*) ... and Actually, it Still Does show as Up-To-Date after an Update check*..(??)... But on EVERY page info screen the "Java(TM) Platform SE7 U--Vulnerable Plugin!" is displayed (?). How can it be Up-To-Date and OK on the plugin check screen, but show as a "Vulnerable Plugin" on EVERY 'Page Info' screen?

Modified by john

Chosen solution

hello jhudson253, the setting for plugins that you select in the addon manager will be the default for all sites, unless you choose something else for a particular site. this might be useful in a situation where you generally want to keep a plugin disabled, but need it to work on one single site for example...

as for the java plugin, from now on firefox will regard each version of the plugin (current or not) as vulnerable per default - this step was taken because of oracle's poor security record in the past (sitting on unfixed vulnerabilities for months).

Read this answer in context 👍 2

All Replies (6)

more options

Chosen Solution

hello jhudson253, the setting for plugins that you select in the addon manager will be the default for all sites, unless you choose something else for a particular site. this might be useful in a situation where you generally want to keep a plugin disabled, but need it to work on one single site for example...

as for the java plugin, from now on firefox will regard each version of the plugin (current or not) as vulnerable per default - this step was taken because of oracle's poor security record in the past (sitting on unfixed vulnerabilities for months).

more options

See also the about:permissions page.

You can open about: pages via the location bar like you open a web page.

more options

Please give more details to a non geek. The plugin works fine even though it is stated to be vulnerable but:

1. Can I continue to use it as it is?

2. Is there any real danger of cyber attack?

3. If so where are the dangers given that most computers have security software? 4. Should I disable?


Whilst you have stated the obvious the devil is always in the detail so hope I can get more information about the implications and the fix, if any. Thanks.

Modified by rambotrader

more options

..The (supposed) "default" settings is part of the problem... at least My problem(s). If I go to a page that used to work fine*, it will just sit there, blank, 'spinning' progress ball, until I manually go in to the page info Permissions* tab and set Each "new" page's permissions* (pages* I haven't been to since updating java to 7.45... after I've 'set' the Permissions for This* page, site, it will work fine the Next time, but it Will Not work with all the permissions in "Default"). That's why I say "Why do I have to set Every Pages Permissions when the plugin's defaults are already "Set"...? My "Default" isn't working as a "Default"... but slowly, surely, I am getting all of the places I go "set" the way I want (which is [normally] what the settings are in the Plug-In screen.

 It's just a ... minor** ... pain in the Axx*!!
more options

Sorry, RamboTrader ... I Thought I was replying to another guy that had made a suggestion to me*.. (MY bad*) ... ... But I'll try to answer some of your questions ... 1- usually, "yes"* just make sure you Trust that site (if you have anti-virus, anti-malware, etc, and run a scan every week (or so) and Haven't come up with anything quarantined or removed yet, youre probably safe there* 2- sorry, "yes", there's Always a real danger... that's why we have the anti-everything we have (right?) 3- depends on the site*. A Lot of sites don't need java at all (except to run their ads or commercials... 'targeted' or not). Adobe Flash or Shockwave should be able to handle stuff like youtube, etc (but if it doesn't*, just go into the 'Page Info' Permissions* and Allow the [Vulnerable] Java and see if that fixes it). It more than likely will.

 I think it's just a matter of Time* before Adobe* Flash, and practically Every other video app/player may be marked as "vulnerable"... like Java... because every one of them CAN carry a virus or trojan to us in some imbedded format. If JAVA couldn't find a way to stop them* (hackers, etc*) they either ..1-aren't smart enough,  or 2-just gave up trying to stay ahead of them... (like the 'ad' says, some-unGodly-percentage-of-machines use Java already ... so They are making Their money*... what more do they need to do, really..?). They don't care* about us or our stuff, as long as we Buy More.... but I'm a bit jaded*.
more options

^

As far as Oracle / Sun and Java goes, get rid of a couple experienced former Sun Java programmers, and Larry might be able to hire 4 more sailor's for his racing boats. Or maybe more support people for his damn stunt airplanes.
http://www.flickr.com/photos/nikonjim/3699412862/