Mozilla Blocks Vulnerable Java Versions In Firefox 205
Trailrunner7 writes with this excerpt from Threatpost: "Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that's being actively exploited. The decision to add these vulnerable versions of Java to the browser's blocklist is designed to protect users who may not be aware of the flaw and attacks. 'This vulnerability — present in the older versions of the JDK and JRE — is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms,' Mozilla's Kev Needham said."
Java dying? (Score:4, Insightful)
So sad what has become of Java.
I know a large part of Slashdot hates Java, but:
-Java passed C/C++ on Sourceforge a while back
-Java was the first language of a lot of people because a lot of colleges adopted it
-Java was the first real and powerful language for a lot of people
-Java held out the promise of developing programs not beholden to M$, thereby making a lot of platforms viable
-Java was supposed to make things easier for the small developer (ISV) by allowing write-once, run anywhere.
So that's why a lot of people have good feelings for Java. Unfortunately, it's dying of a thousand cuts.
Mozilla gives middle finger to enterprise again (Score:5, Insightful)
So now we have to be sure that we upgrade our Java first then Firefox... However we had planned to do Fire Fox this week and Java next month, after you know we test our applications that we need to run our business with the new Java version.
The enterprise doesn't stick with IE because they think it is a good browser they know how much it sucks. They stick with it because it can be maintained and managed properly in an enterprise environment.
Re:Mozilla gives middle finger to enterprise again (Score:5, Insightful)
If you have to choose between clearly dangerous infection vector and updating ancient and fragile legacy java applets, I'd say Mozilla is the least of your problems.
How about a huge blinky warning instead? (Score:4, Insightful)
Instead of Mozilla just fucking DISABLING it, how about adding a huge blinky warning to it?
"Oh, wow. I should upgrade as soon as I get the opportunity."
vs
"Fuck, it broke!"
Re:Java dying? (Score:5, Insightful)
Java's server-side is still very strong and won't be going anywhere anytime soon.
Java as a language for UIs, not so much. The built in UI widgets and windowing (Swing) is weak at best. While it has many of the basic widget types, it hasn't really evolved much as time has moved forward. Plus it always felt just enough different from native applications to stop developers from using it.
Java applets, I feel, have been dead for a long time. Applet initialization time was just too long or would break during loading to discourage people from using it. Though, I've seen Java Web Start work pretty well for deploying Java applications.
Re:Java dying? (Score:5, Insightful)
Re:Mozilla gives middle finger to enterprise again (Score:2, Insightful)
Re:Java dying? (Score:4, Insightful)
Re:Mozilla gives middle finger to enterprise again (Score:4, Insightful)
And you would deserve it. If you maintain an insecure system, you are a threat not just to yourself, but to the entire internet.
You foster malicious code that can be used to pit your system against others. Everyone is connected on the Internet, and if you chose to be a weak link, you are everyone's problem.
I am usually sympathetic to upgrade issues, but if you are going to be in the wild of the internet, fix your software. You are on an internal closed network, no one is forcing you to upgrade Firefox. Maintain your legacy setup.
Re:Java dying? (Score:5, Insightful)
-Java held out the promise of developing programs not beholden to M$
So now you can make programs that are beholden to Oracle, who are just as bad, or worse.
Re:Mozilla gives middle finger to enterprise again (Score:5, Insightful)
Enterprise customers don't just roll out browsers. They do testing, they tweak the configuration and then they roll it out. Having to take the extra step to configuring some settings doesn't sound like a deal breaker. If anything, it sounds like a feature enterprise could really use. If your organization is whining about this, they likely aren't following due diligence in testing the browsers in the first place.
Re:And there was me believing managed code was saf (Score:5, Insightful)
No software is perfect. No software will ever be perfect. Any non-trivial code will contain some bugs, but there's something seriously wrong here.
Software like Java, Flash and Acrobat Reader aren't weekend projects thrown together in a few hours by a highschool student. They have been around a long time and are produced by large companies with lots of resources. The fact that these programs still have to constantly be patched to fix gaping security holes, is beyond absurd.
It would be funny if it wasn't so stupid.
Re:And there was me believing managed code was saf (Score:3, Insightful)
Re:And there was me believing managed code was saf (Score:5, Insightful)
The fact that these programs still have to constantly be patched to fix gaping security holes, is beyond absurd.
I think this is addressed by your first statement-
No software is perfect.
Re:And there was me believing managed code was saf (Score:4, Insightful)
There are two ways of constructing a software design.
One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies.
The first method is far more difficult.
C. A. R. Hoare, 1980 Turing Award lecture