Mozilla Adds Vulnerable Java 7 Update 7 To Blocklist [Security Alert]
Mozilla has added Java 7 Update 7 to its add-on block list after it found the plugin vulnerable. This means, if you have Java 7 Update 7 installed on your computer (be it Windows, Linux or Mac), Firefox will automatically block the Oracle Java plugin.
Oracle Java 7 Update 7 is admittedly not the latest version of Java, as of now, that is, November 24, 2012, Java 7 Update 9 is the latest version available for download and install. So, if you want to re-enable Java on Firefox, you need to download the latest version of Java and install it.
According to Mozilla, Java 7 Update 7 plugin poses a serious risk to the users and thus it had to add the plugin to its blocklist. Mozilla further states that the discovery of the critical security hole in the plugin potentially allows attackers to compromise user’s system, and the bug is currently being exploited in the wild.
Here’s what Mozilla has announced in its blog,
Java 7 Update 7 is vulnerable to a critical security bug that could lead attackers to compromise the user’s system through the Java plugin. The vulnerability is currently being exploited, and is a serious risk to users. To mitigate this risk, we have added Java 7 Update 7 to the add-on blocklist. Update 6 and below had been blocklisted already due to other vulnerabilities.
Mozilla’s advice to users using still running Java 7 Update 7
Mozilla has advised users who requires the Java JDK and Java JRE, to update it to the latest version available as soon as possible, on all platforms. The latest version of Oracle JRE (Java Runtime Environment) is available for download on java.com.
The best suggestion from us for all users is, it doesn’t matter which web browser you’re using on your computer, if you don’t need Java, uninstall Java. If you do need it, you should always keep Java updated and enable it in the browser only when its required, otherwise disable Java in your browser.
Source: Mozilla Add-ons Blog