Closed Bug 1159917 Opened 10 years ago Closed 10 years ago

Blocklist Java 7u78 and lower, 8u44 and lower

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
2015-05

People

(Reporter: jorgev, Assigned: jorgev)

Details

Per bug 1154410, Java has been updated, including vulnerability fixes. This now makes 7u78 and lower, and 8u44 and lower publicly vulnerable, so we should block those versions. Currently, Java 7 is blocked up to update 44 and Java 8 doesn't have any blocks.
Blocks staged: Java Plugin 7 update 45 to 78 (click-to-play), Linux https://addons-dev.allizom.org/en-US/firefox/blocked/p722 Java Plugin 8 update 44 and lower (click-to-play), Windows https://addons-dev.allizom.org/en-US/firefox/blocked/p720 Java Plugin 7 update 45 to 78 (click-to-play), Windows https://addons-dev.allizom.org/en-US/firefox/blocked/p718 Java Plugin 8 update 44 and lower (click-to-play), Mac OS X https://addons-dev.allizom.org/en-US/firefox/blocked/p716 Java Plugin 7 update 45 to 78 (click-to-play), Mac OS X https://addons-dev.allizom.org/en-US/firefox/blocked/p714 I don't have the version information for Java 8 on Linux, so I couldn't stage that block. I need someone from QA to get this information, like the one on this page: https://wiki.mozilla.org/QA/Plugins/About:Plugins#Linux_2
Flags: needinfo?(jbecerra)
Keywords: qawanted
I've managed to update the list with the required information for Java 8 on Linux. https://wiki.mozilla.org/QA/Plugins/About:Plugins#Linux_2 Please let me know if there's anything else I can help with.
Flags: needinfo?(jbecerra)
Keywords: qawanted
QA Contact: cornel.ionce
Thanks, I added the missing block: Java Plugin 8 update 44 and lower (click-to-play), Linux https://addons-dev.allizom.org/en-US/firefox/blocked/p728 Can you test the staged blocks? There's information here https://wiki.mozilla.org/Blocklisting/Testing
Flags: needinfo?(cornel.ionce)
We've completed the testing and did not encounter any issues, the mentioned Java versions are successfully blocklisted. More details can be found here: https://etherpad.mozilla.org/Java-blocklist-bug-1159917
Flags: needinfo?(cornel.ionce)
The blocks are now live: Java Plugin 8 update 44 and lower (click-to-play), Linux https://addons.mozilla.org/en-US/firefox/blocked/p912 Java Plugin 7 update 45 to 78 (click-to-play), Linux https://addons.mozilla.org/en-US/firefox/blocked/p910 Java Plugin 8 update 44 and lower (click-to-play), Windows https://addons.mozilla.org/en-US/firefox/blocked/p908 Java Plugin 7 update 45 to 78 (click-to-play), Windows https://addons.mozilla.org/en-US/firefox/blocked/p906 Java Plugin 8 update 44 and lower (click-to-play), Mac OS X https://addons.mozilla.org/en-US/firefox/blocked/p904 Java Plugin 7 update 45 to 78 (click-to-play), Mac OS X https://addons.mozilla.org/en-US/firefox/blocked/p902
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
thank you for deactivating java 7 it is the last version which runs on windows xp so i can now throw away my windows xp computer when i want to visit websites which needs java really - thanks!
Rainer: This only applies to Java 7 up through update 78, but 7u79 is available and will not be affected by this action. You can get it (for a limited time) from java.com: http://www.java.com/en/download/manual_java7.jsp In any case it's "click to play", not a full block. You should be able to run Java just fine, although if you don't upgrade to a non-vulnerable version Firefox may not remember the "run Java always for this site" setting.
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.