
Security of Java takes a dangerous turn for the worse, experts say (ars technica)


Posted Sep 12, 2013 14:20 UTC (Thu) by jhhaller (guest, #56103)
Parent article: Security of Java takes a dangerous turn for the worse, experts say (ars technica)

The real problem with applets is that if one needs to use an applet, Java needs to be enabled in the browser, which subjects one to drive-by downloads. Unless one has a click-to-activate policy which is always enforced, unlike the Firefox approach of "we don't know of any vulnerabilities in this version of Java yet, so let's run the applet from trojanhorsespyware.com", drive-by downloads are still a problem. It's too much to expect people to only enable Java applets just for the sites that need it, then to immediately disable them.



Posted Sep 12, 2013 20:44 UTC (Thu) by luya (subscriber, #50741)

Which version of Firefox? On the Windows version, Java is automatically disabled due to its vulnerability. I don't know about the Linux version because my system only runs OpenJDK-based Java.

Posted Sep 12, 2013 22:47 UTC (Thu) by khim (subscriber, #9252)

Well, if you use Java6 with a recent version of Firefox then Java applets are permanently disabled, but you can enable them on a specific website if you notice the red lock in the location bar. This actually makes Java6 a safer choice than Java7 for the users who only need Java for banks :-)

Posted Sep 14, 2013 1:17 UTC (Sat) by marcH (subscriber, #57642)

> Unless one has a click-to-activate policy...

I only recently found the "click to play" feature in Chrome. I heard about it by chance. Whereas this perfect feature should be enabled by default, it's completely buried way down in the settings: ridiculous.

On Firefox it's much worse since you have to install the FlashBlock plugin. Is there even a "JavaBlock" Firefox plugin or better, a generic "click to play" plugin?

Posted Sep 14, 2013 2:19 UTC (Sat) by Fowl (subscriber, #65667)

Click to play is on by default for many plugins and configurable for all in current versions of Firefox.

https://blog.mozilla.org/security/2013/01/29/putting-user...

Posted Sep 14, 2013 19:55 UTC (Sat) by marcH (subscriber, #57642)

Excellent news (to me), thanks!

Posted Oct 16, 2013 16:08 UTC (Wed) by wookey (guest, #5501)

The (arguably misnamed) quickjava plugin gives you a row of buttons to quickly enable/disable any of javascript, java, silverlight, images, flash, cookies, animations and styles/css. I find this exceedingly useful.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.