The heart of tech

This article was published on August 28, 2012


Mozilla joins the chorus, tells Firefox users to disable Java due to security hole

Mozilla joins the chorus, tells Firefox users to disable Java due to security hole Image by: Vangelis Thomaidis
Emil Protalinski
Story by

Emil Protalinski

Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, incl Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.

Mozilla must have seen the news this week: Security companies are recommending you disable Java, or just uninstall it. The organization is recommending the same to its Firefox users:

At this time there is no patch available from Oracle to address the vulnerability within Java. We recommend that users disable the Java plugin within Firefox to ensure they are protected against this vulnerability.

In fact, Mozilla has gone as far as pointing to its guide for doing just this: How to turn off Java applets. The steps are simple: click on the Firefox button (Tools menu in Windows XP), click Add-ons, click on the Plugins panel, click on the Java (TM) Platform plugin, and click on the Disable button.

That’s it. Now you’ve joined me and the countless of others that are disabling Java due to its security issues.

If you’re just joining us now, here’s the backstory. This week, a new 0-day vulnerability was discovered in Sun’s software being exploited in the wild, as part of limited targeted attacks. The vulnerability is already being used in drive-by download style attacks that eventually result in the installation of the Poison Ivy remote-access tool (RAT). The attacks are currently coming from a domain in China, but working exploit code is available online, so other parties will likely join soon, if they haven’t already.

Since Oracle has yet to issue a patch, security companies are recommending users disable Java or uninstall it. The security hole affects all versions of Oracle’s Java 7 (version 1.7) on all supported platforms. That means all the main browsers are vulnerable if they have the Java plugin installed, including Internet Explorer, Google Chrome, Mozilla Firefox, Opera, and Safari.

Regardless what browser you’re using, uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and otherwise disable Java in your default browser.

Image credit: stock.xchng

Also tagged with