Closed
Bug 1054591
Opened 10 years ago
Closed 7 years ago
No option to be 'always activated' for Java Deployment Toolkit 8.0.110.12
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: leonardoz, Unassigned, NeedInfo)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2122.0 Safari/537.36
Steps to reproduce:
Firefox plugin tab does not provide an option to Java Deployment Toolkit 8.0.110.12 be 'always activated' like other plugins
Actual results:
The plugin is said to be "vulnerable"
Expected results:
always activated should be available to avoid some trouble while dealing with java-based apps; please consider giving an option to always activate it.
Updated•10 years ago
|
Summary: Java Deployment Toolkit 8.0.110.12 → No option to be 'always activated' for Java Deployment Toolkit 8.0.110.12
Comment 1•10 years ago
|
||
Currently all versions of JDT are blocklisted as a result of bug 558584. I'm not sure whether that's the desired current state or not. Jorge?
Component: Plug-ins → Blocklisting
Flags: needinfo?(jorge)
Product: Core → addons.mozilla.org
Version: 31 Branch → unspecified
Comment 2•10 years ago
|
||
The last block was bug 636633. We went with all versions since version detection for plugins is always problematic. Given the comments on that bug and elsewhere, I think it's worth reconsidering and trying to narrow down the block.
Do we know which versions are vulnerable and which versions aren't?
Flags: needinfo?(jorge) → needinfo?(dveditz)
Comment 3•10 years ago
|
||
The Java Deployment Toolkit is used to detect the Java version (also available from the plugins array) and to launch a DIFFERENT version than the one the browser defaults to. Many Java upgrades do not clean up old versions of Java because many corporate-type applets use version-specific features, and the JDT lets web pages get at those versions.
This sort of makes sense in a corporate environment where you trust the applet authors but it's an open invitation to hackers on the public web. Too many people have old vulnerable (not updating) Java on their system in addition to the one Firefox sees and can blocklist if it's vulnerable.
There have been exploits in the JDT itself in the past but I don't know of any current ones. Evaluating it on that basis alone we could unblock JDT, but the whole concept of running old versions of Java is dangerous. Java itself works just fine without the JDT. Here's the FAQ:
http://www.java.com/en/download/faq/deployment_toolkit.xml
Flags: needinfo?(dveditz)
Comment 4•10 years ago
|
||
[Tracking Requested - why for this release]:
Comment 5•9 years ago
|
||
always activated should be available to avoid some trouble while dealing with java-based apps; please consider giving an option to always activate it.
Assignee | ||
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
Comment 6•8 years ago
|
||
how i can disamble "Java Deployment Toolkit"??
Flags: needinfo?(alexis.esteves66)
Comment 7•8 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #3)
> The Java Deployment Toolkit is used to detect the Java version (also
> available from the plugins array) and to launch a DIFFERENT version than the
> one the browser defaults to. Many Java upgrades do not clean up old versions
> of Java because many corporate-type applets use version-specific features,
> and the JDT lets web pages get at those versions.
[...]
> http://www.java.com/en/download/faq/deployment_toolkit.xml
Maybe some of this information should be on <https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p428> ?
Comment 8•7 years ago
|
||
Plugins are on the way out, so I'm closing this old bug.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•