Tuesday, April 20, 2010

Mozilla Begins Disabling Unsafe Older Versions of Java Deployment Toolkit

That annoying pop-up you keep seeing asking you to disable the older versions of the Java Deployment Toolkit plug-in in your Firefox web browser are not spyware, malware or some fancy virus. According to security expert Brian Krebs its actually an attempt by Mozilla to "block attacks against a newly-discovered Java security hole that attackers have been exploiting of late to install malicious code."

In a post on his blog, Krebs, details the issue:

By default, installing Java automatically installs the Java Deployment Toolkit plug-in into Microsoft's Internet Explorer and Mozilla's browsers. While Oracle Corp. has pushed out an update to its Java software to fix a dangerous security flaw in the program the update does not remove the older un-secure versions of the plug-in. Even uninstalling Java itself can actually leave the plug-in behind.

It has been advised that you go ahead and disable any older versions of the Jave Deployment Toolkit either through the pop-up or by manually going to Tools, Add-ons, click the Plugins and selecting the Toolkit, then hit the “Disable” button.

Here's a full list of Add-ons/Plug-ins Mozilla has blocklisted and the reasons why.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you