Closed Bug 1159917 Opened 5 years ago Closed 5 years ago

Blocklist Java 7u78 and lower, 8u44 and lower

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Tracking

RESOLVED FIXED
2015-05

People

(Reporter: jorgev, Assigned: jorgev)

Per bug 1154410, Java has been updated, including vulnerability fixes. This now makes 7u78 and lower, and 8u44 and lower publicly vulnerable, so we should block those versions.

Currently, Java 7 is blocked up to update 44 and Java 8 doesn't have any blocks.
Blocks staged:

Java Plugin 7 update 45 to 78 (click-to-play), Linux
https://addons-dev.allizom.org/en-US/firefox/blocked/p722

Java Plugin 8 update 44 and lower (click-to-play), Windows
https://addons-dev.allizom.org/en-US/firefox/blocked/p720

Java Plugin 7 update 45 to 78 (click-to-play), Windows
https://addons-dev.allizom.org/en-US/firefox/blocked/p718

Java Plugin 8 update 44 and lower (click-to-play), Mac OS X
https://addons-dev.allizom.org/en-US/firefox/blocked/p716
 
Java Plugin 7 update 45 to 78 (click-to-play), Mac OS X
https://addons-dev.allizom.org/en-US/firefox/blocked/p714

I don't have the version information for Java 8 on Linux, so I couldn't stage that block. I need someone from QA to get this information, like the one on this page: https://wiki.mozilla.org/QA/Plugins/About:Plugins#Linux_2
Flags: needinfo?(jbecerra)
Keywords: qawanted
I've managed to update the list with the required information for Java 8 on Linux.
https://wiki.mozilla.org/QA/Plugins/About:Plugins#Linux_2

Please let me know if there's anything else I can help with.
Flags: needinfo?(jbecerra)
Keywords: qawanted
QA Contact: cornel.ionce
Thanks, I added the missing block:

Java Plugin 8 update 44 and lower (click-to-play), Linux
https://addons-dev.allizom.org/en-US/firefox/blocked/p728

Can you test the staged blocks? There's information here: https://wiki.mozilla.org/Blocklisting/Testing
Flags: needinfo?(cornel.ionce)
We've completed the testing and did not encounter any issues; the mentioned Java versions are successfully blocklisted.

More details can be found here: https://etherpad.mozilla.org/Java-blocklist-bug-1159917
Flags: needinfo?(cornel.ionce)
The blocks are now live:

Java Plugin 8 update 44 and lower (click-to-play), Linux
https://addons.mozilla.org/en-US/firefox/blocked/p912

Java Plugin 7 update 45 to 78 (click-to-play), Linux
https://addons.mozilla.org/en-US/firefox/blocked/p910

Java Plugin 8 update 44 and lower (click-to-play), Windows
https://addons.mozilla.org/en-US/firefox/blocked/p908

Java Plugin 7 update 45 to 78 (click-to-play), Windows
https://addons.mozilla.org/en-US/firefox/blocked/p906

Java Plugin 8 update 44 and lower (click-to-play), Mac OS X
https://addons.mozilla.org/en-US/firefox/blocked/p904

Java Plugin 7 update 45 to 78 (click-to-play), Mac OS X 
https://addons.mozilla.org/en-US/firefox/blocked/p902
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Thank you for deactivating Java 7.
It is the last version which runs on Windows XP,
so I can now throw away my Windows XP computer when I want to visit websites which need Java.
Really - thanks!
Rainer: This only applies to Java 7 up through update 78, but 7u79 is available and will not be affected by this action. You can get it (for a limited time) from java.com: http://www.java.com/en/download/manual_java7.jsp

In any case it's "click to play", not a full block. You should be able to run Java just fine, although if you don't upgrade to a non-vulnerable version Firefox may not remember the "run Java always for this site" setting.
Product: addons.mozilla.org → Toolkit