Closed Bug 1054591 Opened 10 years ago Closed 7 years ago

No option to be 'always activated' for Java Deployment Toolkit 8.0.110.12

Categories

(Toolkit :: Blocklist Policy Requests, defect)

x86
Windows 7
defect
Not set
normal

RESOLVED WONTFIX

People

(Reporter: leonardoz, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2122.0 Safari/537.36
Steps to reproduce: Firefox plugin tab does not provide an option for Java Deployment Toolkit 8.0.110.12 to be 'always activated' like other plugins
Actual results: The plugin is said to be "vulnerable"
Expected results: always activated should be available to avoid some trouble while dealing with java-based apps; please consider giving an option to always activate it.
Component: Untriaged → Plug-ins
Product: Firefox → Core
Summary: Java Deployment Toolkit 8.0.110.12 → No option to be 'always activated' for Java Deployment Toolkit 8.0.110.12
Currently all versions of JDT are blocklisted as a result of bug 558584. I'm not sure whether that's the desired current state or not. Jorge?
Component: Plug-ins → Blocklisting
Flags: needinfo?(jorge)
Product: Core → addons.mozilla.org
Version: 31 Branch → unspecified
The last block was bug 636633. We went with all versions since version detection for plugins is always problematic. Given the comments on that bug and elsewhere, I think it's worth reconsidering and trying to narrow down the block. Do we know which versions are vulnerable and which versions aren't?
Flags: needinfo?(jorge) → needinfo?(dveditz)
The Java Deployment Toolkit is used to detect the Java version (also available from the plugins array) and to launch a DIFFERENT version than the one the browser defaults to. Many Java upgrades do not clean up old versions of Java because many corporate-type applets use version-specific features, and the JDT lets web pages get at those versions. This sort of makes sense in a corporate environment where you trust the applet authors but it's an open invitation to hackers on the public web. Too many people have old vulnerable (not updating) Java on their system in addition to the one Firefox sees and can blocklist if it's vulnerable. There have been exploits in the JDT itself in the past but I don't know of any current ones. Evaluating it on that basis alone we could unblock JDT, but the whole concept of running old versions of Java is dangerous. Java itself works just fine without the JDT. Here's the FAQ: http://www.java.com/en/download/faq/deployment_toolkit.xml
Flags: needinfo?(dveditz)
[Tracking Requested - why for this release]:
always activated should be available to avoid some trouble while dealing with java-based apps; please consider giving an option to always activate it.
Product: addons.mozilla.org → Toolkit
How can I disable "Java Deployment Toolkit"?
Flags: needinfo?(alexis.esteves66)
(In reply to Daniel Veditz [:dveditz] from comment #3)
> The Java Deployment Toolkit is used to detect the Java version (also
> available from the plugins array) and to launch a DIFFERENT version than the
> one the browser defaults to. Many Java upgrades do not clean up old versions
> of Java because many corporate-type applets use version-specific features,
> and the JDT lets web pages get at those versions. [...]
> http://www.java.com/en/download/faq/deployment_toolkit.xml
Maybe some of this information should be on <https://blocklist.addons.mozilla.org/en-US/firefox/blocked/p428>?
Plugins are on the way out, so I'm closing this old bug.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX