
Marking all Java versions as insecure could backfire on Mozilla


rach


With Firefox 24 came a change that affects all versions of the Java plugin installed on a system. Mozilla made the decision to mark all existing and future versions of Java as insecure due to the "history of security vulnerabilities in Java" and "poor response times" to fix those issues.

It needs to be noted that the organization is not the only one that decided to change how plugins are handled. Google decided to block all NPAPI plugins -- to which Java belongs -- at the beginning of 2014.

Previously, only Java plugin versions with known security vulnerabilities were added to Mozilla's blocklist, which prevented the direct execution of them in the Firefox web browser and other Mozilla products.

Along with this comes a change for users of Firefox who rely on Java. This not only affects gamers playing games designed in Java, but also people using Firefox in business environments.

The bug listing on Mozilla has received its fair share of comments by system administrators who report that their users are running into issues running the Java applications in Firefox because of the changes that Mozilla made.

The main points of criticism revolve around Mozilla's premise that Java is inherently insecure, and the implementation of the warning and click to play system.

As far as the first point of criticism is concerned, the core argument here is that other plugin contents and applications are as insecure as Java is. Flash in particular is mentioned here several times.

The second argument criticizes the implementation of the notifications. When users connect to websites that require Java, a small red icon appears in the browser's address bar next to the site address.



If Java elements are visible on the page, a click to play message is displayed in addition to that. This is however not always the case, so that the red icon may be the only indicator that something was not loaded on the page. While it blinks a couple of times, it can be overlooked easily, especially if users are not experienced computer users.




While most experienced users may have no issues finding out about the change, most inexperienced users may not be able to figure out the solution on their own.

Some developers have proposed that the warning message should be less scary, especially if the latest version of Java is installed on the computer system.

Most administrators appeal to Mozilla to change the policy, for instance by making the process more visible to the user. Others seem to have jumped ship already and moved to another web browser that does not impose the restrictions -- yet -- on their user base.

What's your take on this? Should Mozilla rethink the blocking of all Java versions, even those that have not been released yet?

View: Original Article


Developers and admins need to get far away from Java-based games and software. I applaud Mozilla. I haven't found a Java-based program that I can't live without yet!



New Java doesn't work on Mozilla browsers.

I can't play Yahoo Pool in SeaMonkey, my preferred browser for Yahoo games.

I use I.E. for 99% of other activities, but prefer Yahoo games using SeaMonkey.


Edited by LeeSmithG


Java plugins? Ugh. These need to die, as well as ActiveX and Flash too (thanks to Apple and Steve Jobs for showing us the way by banning the latter on iOS). The quicker they're gone the better off we'll all be frankly. Time to move on to modern standards-compliant alternatives supported by HTML5 and beyond.

BTW, I find it interesting that sysadmins are the ones speaking out against this move. If it was well and truly confident about the security of its product, a massive company like Oracle could easily have brought its influence to bear on Mozilla and asked them to review/rescind their decision. If they choose to stay quiet about this then their silence truly speaks volumes IMO.
