Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Tëj nañu waxtaan wii ba denc ko. Yónneel yeneen laaj soo soxlaa ndimbal.

FF blocks Java 7 update 45. Why? Explanation regards 7U11.

  • 9 tontu
  • 171 am na jafe-jafe bii
  • 5 views
  • i mujjee tontu mooy philipp

more options

Have installed Java 7 update 45. Have both 32- and 64-bit versions installed from Oracle website.

Works in Chrome.

Firefox 24.0 displays error message stating that the Java plugin has known vulnerabilities.

On the support page there is a link to this explanation from January 2013 which regards Java 7 update 11. https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/

Does anyone have a permanent fix and preferably an explanation for this?

I know how to allow Java to run once as well as always on a specific site https://support.mozilla.org/en-US/kb/how-to-enable-java-if-its-been-blocked

What I'm wondering is why Firefox still blocks Java per default when Java has been updated many times since the explanation was written.

Thanks a bunch!

Have installed Java 7 update 45. Have both 32- and 64-bit versions installed from Oracle website. Works in Chrome. Firefox 24.0 displays error message stating that the Java plugin has known vulnerabilities. On the support page there is a link to this explanation from January 2013 which regards Java 7 update 11. https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/ Does anyone have a permanent fix and preferably an explanation for this? I know how to allow Java to run once as well as always on a specific site https://support.mozilla.org/en-US/kb/how-to-enable-java-if-its-been-blocked What I'm wondering is why Firefox still blocks Java per default when Java has been updated many times since the explanation was written. Thanks a bunch!

Saafara biñ tànn

hello mort3n, from now on all versions of the java plugin (also the nominally most current ones) will be considered vulnerable by firefox and blocked per default. that's because of oracle's poor security record in the past, like sitting on unfixed vulnerabilities for months...

Jàng tontu lii ci fi mu bokk 👍 38

All Replies (9)

more options

Saafara yiñ Tànn

hello mort3n, from now on all versions of the java plugin (also the nominally most current ones) will be considered vulnerable by firefox and blocked per default. that's because of oracle's poor security record in the past, like sitting on unfixed vulnerabilities for months...

philipp moo ko soppali ci

more options

hi philipp Thanks for your answer.

That infomation should be on the Firefox support page or even right in the browser error messages to avoid users spending time trying to solve a problem that cannot be solved.

Thanks again.

more options

thanks for the feedback, i'll see if we can get that updated information into the support articles quickly.

more options

Although I like this idea, you (Firefox dev) still need to provide a way to enable the plugin regardless.

I have already encountered 2 cases which break the user experience without giving an option to activate the plugin: 1. you're using Raritan for out-of-band management of computers 2. you're using HP iLO for out-of-band management of computers

in both cases Firefox does not present me with an option to enable Java. HP iLO uses javascript to call the applet. Raritan calls the applet from some other frame on login, and who knows what the applets are doing in the background.

I can't tell HP or any other vendor to switch their code to something else. Firefox should give me an option to enable Java or I'll have to switch to another browser. At that point, what's the use for Firefox? I can simply stay on the other browser forever.

The way this is currently implemented is breaking things. Fix it.

more options

hello lemsx just to avoid any misconceptions - we volunteers here in the support forums are mainly users like you (developers won't read here), so we cannot directly influence those decisions or changes.

the blocking is to be reverted in the meantime anyway because there have been bugs found on other webpages where the interface to activate the plugin momentarily wasn't shown properly. if you have other examples of sites where click-to-play is not working correctly, please file a bug at bugzilla.mozilla.org like it is requested at https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c50, so it can be taken care of properly in a future version of the blocklisting. thank you!

more options

Philipp,

Thanks for the response... I realize now that the option to re-enable the plugin is shown if the toolbar for the address is shown. This is not the case for all users, one can simply deactivate all the toolbars (as I do since I use Vimperator extension).

That said, after reading through the documentation I was able to noticed that their is a new way to activate plugins which is only shown on the address bar!

On your note, developers should be reading these forums to get a feel for how good or bad they are breaking things for us the users. However, you're right and I should just file a bugzilla bug. Thanks

more options

How can I get Java(TM) Platform SE 7 U45 10.45.2.18 back into my Add-on's. It is missing from my Add-on list. I cannot find it to download. I have reinstalled Firefox, all to no avail. I have it on my laptop and Java works when I turn it on. Any suggestions

more options

I can't get Java to work for the following: http://jesnetplus.com/~rickynumber24/pq.html

My Java plug-in is set to "Ask to activate". Clicking on the little battery widget in the address bar shows

"Java(TM) Platform SE 7 U" is enabled on jesnetplus.com

However, I only get a pop-up with

Application Blocked. Click for details Your security settings have blocked an untrusted application from running.

Clicking on the "Details" button just brings up the Java Console: Java Plug-in 10.51.2.13

Clicking on either "Ignore" or "Reload" does nothing.

So I have two questions: 1) How do I get the details that really tell me what's blocking this applet? 2) How do I un-block the applet?

more options

hello Curmudgeon3, your issue with java 7 U51 is a separate one than originally discussed here. the message you were referring to isn't coming from firefox but from the java plugin itself - please refer to oracle's documentation: http://www.java.com/en/download/help/appsecuritydialogs.xml

thank you!