Closed Bug 1130896 Opened 9 years ago Closed 3 years ago

Plugin check gets stuck if Java runtime disabled and Java Deployment toolkit enabled

Categories

(Websites :: plugins.mozilla.org, defect)

Product:
Websites
Component:
plugins.mozilla.org
Platform:
x86_64
Windows 8.1
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: aryx, Unassigned)

Details

Firefox 35.0.1, Windows 8.1 64 bit

Java Deployment Toolkit 8.0.310.13 11.31.2.13
JAVA(TM) Platform SE 8 U31 11.31.2.13

There have been two reports by users that https://www.mozilla.org/de/plugincheck/ shows an endless throbber "Checking with Mozilla on the status of your plugins" if Java Deployment Toolkit is enabled but the Java Runtime not. Enabling the Java Runtime fixes the issue.

Screencast of issue: http://img5.picload.org/image/ciwrola/plugincheck4.gif
The screencast is very helpful.
  However, I recommend that you run it in a separate instance of Firefox
  because if you want to 'see it again' I found it did crash my Firefox.
  Never had an issue on 'first watch of the screencast'.

This bug is similar to, and more clearly focused than,
bug 1110451 "Java plugin blocked on plugin check website".

CCing Schalk Neethling [:espressive] who is working on Plugincheck.

See also:
bug 1054591 "No option to be 'always activated' for Java Deployment Toolkit 8.0.110.12"
1054591 is a Blocklisting but

Daniel Veditz [:dveditz] said on 2014-08-21 (in bug 1054591 comment # 3):
> The Java Deployment Toolkit is used to detect the Java version (also
> available from the plugins array) and to launch a DIFFERENT version than
> the one the browser defaults to. Many Java upgrades do not clean up old
> versions of Java because many corporate-type applets use version-specific
> features, and the JDT lets web pages get at those versions.
> 
> This sort of makes sense in a corporate environment where you trust the
> applet authors but it's an open invitation to hackers on the public web.
> Too many people have old vulnerable (not updating) Java on their system
> in addition to the one Firefox sees and can blocklist if it's vulnerable.
> 
> There have been exploits in the JDT itself in the past but I don't know of
> any current ones. Evaluating it on that basis alone we could unblock JDT,
> but the whole concept of running old versions of Java is dangerous. 
> Java itself works just fine without the JDT. Here's the FAQ:
> 
> http://www.java.com/en/download/faq/deployment_toolkit.xml

DJ-Leith
In recent weeks several things have been done that might
improve the Plugincheck Service:

These include:

1. bug 1121456 "PluginCheck for Firefox"

2. bug 1121460 "Move All PluginCheck Client Side Code to Bedrock"

The idea, in those bugs, is to only 'do Plugincheck tests' on Firefox.
A simpler situation.

This bug is similar to, and more clearly focused than,
bug 1110451 "Java plugin blocked on plugin check website".

In bug 1110451 comment # 9 Schalk Neethling [:espressive] asked:
> Can someone please confirm that this has been resolved? Thanks!

I think that question can usefully be asked here as well.

DJ-Leith

Java plugins are no longer supported.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.