Closed
Bug 840454
Opened 11 years ago
Closed 11 years ago
Blocklisting IBM Java7 properly for Windows and Linux platforms
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: rijureghunath, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Build ID: 20130103094221 Steps to reproduce: This issue is being opened in continuation to Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=785837 request for blocklisting java due impact of CVE-2012-4681. New version of IBM JDK7 (Java7 Service Refresh (SR) 4) will be having a unique plugin and description for both Windows and Linux plugin. Mozilla should use the unique plugin name and description while they design script (blocklist.xml) to block IBM Java.
Comment 1•11 years ago
|
||
There was a conversation about splitting off the Java version string so Mozilla can distinguish between Oracle Java and IBM Java. See https://bugzilla.mozilla.org/show_bug.cgi?id=743446 The upcoming release of IBM Java 7 SR4 and IBM Java 1.6 SR13 will have uniquely identifiable Java plugin version strings so that Mozilla can selectively blocklist the Java plugins on Windows / Linux. In some security vulnerability cases over the past year, the Oracle Java plugin was at risk but the IBM Java plugin was not affected. Because the Java plugin strings were not unique, IBM Java plugin users where unjustly blocked. Unique version strings will give Mozilla and IBM more flexibility to construct plugin block rules.
Comment 2•11 years ago
|
||
As far as I understand it, we currently only target Oracle Java, so there shouldn't be any problems where IBM Java is accidentally blocked.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•