ID: IRCNE2012041456
Date: 2012-04-04
According to "computerworld", Mozilla has blacklisted unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions.
Mozilla can add extensions or plug-ins to the Firefox add-on blocklist if they cause significant security or performance issues. Firefox installations automatically query the blocklist and notify users before disabling the targeted add-ons.
"The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user's computer," said Mozilla's channel manager Kev Needham in a blog post Monday.
"This vulnerability -- present in the older versions of the JDK and JRE -- is actively being exploited, and is a potential risk to users," Needham said. "To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist."
"Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms," Needham said. The latest versions of Java for Windows are Java 6 Update 31 and Java 7 Update 3.
Mozilla is also considering adding a blocklist entry for the Java plug-in on OS X. On Monday, security researchers from F-Secure announced that new Web-based attacks are exploiting a vulnerability in the latest Java version for Mac OS in order to install malware.
- 2