This article was published on August 28, 2012

Mozilla joins the chorus, tells Firefox users to disable Java due to security hole


Mozilla joins the chorus, tells Firefox users to disable Java due to security hole

Mozilla must have seen the news this week: Security companies are recommending you disable Java, or just uninstall it. The organization is recommending the same to its Firefox users:

At this time there is no patch available from Oracle to address the vulnerability within Java. We recommend that users disable the Java plugin within Firefox to ensure they are protected against this vulnerability.

In fact, Mozilla has gone as far as pointing to its guide for doing just this: How to turn off Java applets. The steps are simple: click on the Firefox button (Tools menu in Windows XP), click Add-ons, click on the Plugins panel, click on the Java (TM) Platform plugin, and click on the Disable button.

That’s it. Now you’ve joined me and the countless of others that are disabling Java due to its security issues.

If you’re just joining us now, here’s the backstory. This week, a new 0-day vulnerability was discovered in Sun’s software being exploited in the wild, as part of limited targeted attacks. The vulnerability is already being used in drive-by download style attacks that eventually result in the installation of the Poison Ivy remote-access tool (RAT). The attacks are currently coming from a domain in China, but working exploit code is available online, so other parties will likely join soon, if they haven’t already.

Since Oracle has yet to issue a patch, security companies are recommending users disable Java or uninstall it. The security hole affects all versions of Oracle’s Java 7 (version 1.7) on all supported platforms. That means all the main browsers are vulnerable if they have the Java plugin installed, including Internet Explorer, Google Chrome, Mozilla Firefox, Opera, and Safari.

Regardless what browser you’re using, uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and otherwise disable Java in your default browser.

Image credit: stock.xchng

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with