Mozilla blocklists Java on older Mac OS X systems
Mozilla has moved to block the Java plugin in Firefox running on versions 10.5 and earlier of Mac OS X, as these versions of Apple's operating system will not be getting an update to the installed Java on their systems. The move comes two weeks after Mozilla blocklisted older versions of Java on Windows which had the flaw that was being exploited by the Flashback trojan and other malware. Mac OS X systems 10.5 and older will not be getting a Java update from Apple and this has meant that Mozilla now feels comfortable adding all Java versions on those OS versions to the blocklist.
But for 10.6 and later, the story is different: Apple has released updates which remove the vulnerability for those systems but, according to Mozilla's Add-Ons blog, a bug in Firefox 11 causes it to ignore such updates and keep reporting that an old version is installed. This would, in turn, mean that if the blocklist were updated for 10.6 and later, it would most likely block the Java plugin on non-vulnerable systems. The bug in Firefox is due to be fixed in Firefox 12, which will be released on 24 April; expect the blocklist to be updated sometime shortly after that.
The blocking that is being applied is a "soft block" and can be overridden by going to Tools -> Add-ons -> Plugins and clicking on the enable button for the Java plugin; this should, though, only be done where the user knows they will not be visiting any sites where Java-based malware is present. Users can, of course, use the same window to disable the Java plugin too, a path that is being recommended by many security experts.
- Critical Java hole being exploited on a large scale, a report from The H.
- Firefox 12 beta introduces automatic updates, a report from The H.