Mozilla on Thursday announced it has added Java 7 Update 7 to its Firefox add-on block list due to the discovery of a new vulnerability. The critical security hole could potentially allow attackers to compromise the user’s system, and is currently being exploited in the wild.
Mozilla called the flaw “a serious risk to users” and thus took steps to protect its users. Update 6 and below had already been blocklisted due to other vulnerabilities, and now Update 7 has been added.
Here’s what the company had to say about today’s move:
Mozilla strongly encourages anyone who requires the Java JDK and JRE to update to the current version as soon as possible on all platforms. Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied. If the block is accidentally accepted, the plugin can be enabled again in the Add-ons Manager, in the Plugins pane.
Mozilla is being much calmer about this Java issue than it was about the last one. Back in August, the company recommended:
At this time there is no patch available from Oracle to address the vulnerability within Java. We recommend that users disable the Java plugin within Firefox to ensure they are protected against this vulnerability.
The difference between the two issues is simple. Last time, there was no patch. This time, Java users can simply upgrade to the latest version: Java 7 Update 9.
Nevertheless, our advice to users remains the same:
Regardless of what browser you’re using, uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and otherwise disable Java in your default browser.
There are simply too many Java issues for anyone to keep the plugin around just for the sake of it.