Closed Bug 840454 Opened 11 years ago Closed 11 years ago

Blocklisting IBM Java7 properly for Windows and Linux platforms

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: rijureghunath, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.12) Gecko/20100101 Firefox/10.0.12
Build ID: 20130103094221

Steps to reproduce:

This issue is being opened in continuation to Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=785837 request for blocklisting java due impact of CVE-2012-4681. 

New version of IBM JDK7 (Java7 Service Refresh (SR) 4) will be having a unique plugin and description for both Windows and Linux plugin. Mozilla should use the unique plugin name and description while they design script (blocklist.xml) to block IBM Java.
There was a conversation about splitting off the Java version string so Mozilla can distinguish between Oracle Java and IBM Java.  See https://bugzilla.mozilla.org/show_bug.cgi?id=743446

The upcoming release of IBM Java 7 SR4 and IBM Java 1.6 SR13 will have uniquely identifiable Java plugin version strings so that Mozilla can selectively blocklist the Java plugins on Windows / Linux.

In some security vulnerability cases over the past year, the Oracle Java plugin was at risk but the IBM Java plugin was not affected.  Because the Java plugin strings were not unique, IBM Java plugin users where unjustly blocked.   Unique version strings will give Mozilla and IBM more flexibility to construct plugin block rules.
As far as I understand it, we currently only target Oracle Java, so there shouldn't be any problems where IBM Java is accidentally blocked.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.