Closed Bug 1222557 Opened 9 years ago Closed 6 years ago

Firefox assumes JDK 7u101 insecure on Mac OS X

Categories

(Toolkit :: Blocklist Policy Requests, defect)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: roger.lewis, Unassigned)

Details

Attachments

(1 file)

Looks like that Firefox on Mac incorrectly compares update number, and shows message that plugin is vulnerable and should be updated for updates releases that contains 3 digits.
There is no issue on windows and linux.

Product(s) tested: jdk7u101
OS/architecture: mac os x 10.10/10.11
Reproducible: Always
OS/browser version: mac os x 10.11 / 10.10 + firefox
Steps to reproduce:
1) install jdk7u101
2) open java version applet in firefox: http://www.java.com/en/download/installed8.jsp

actual result: see screenshot
The bug in the Oracle Java bug system: https://bugs.openjdk.java.net/browse/JDK-8141620
So, according to Roger, the blocklist entry this block is pointing to is:

Java Plugin 7 update 11 and lower (click-to-play), Mac OS X
https://addons.mozilla.org/en-US/firefox/blocked/p180

I did some testing with nsIVersionComparator, and the version string "Java 7 Update 101" is essentially equivalent to "Java 7 Update 10.1", which is why it's blocked here.

So, what I'm going to do is change the original block to cover up to version 10, and create a separate block specifically for version 11. That should free versions 10x and 11x for the future, but will cause problems again when Java 7 has a version in the 12x range.

A better long term solution would be for the plugin to report its version number as strictly numerical, like "7.101", so the version comparator doesn't get confused.
Okay, the block is now split in two:

Java Plugin 7 update 10 and lower (click-to-play), Mac OS X
https://addons.mozilla.org/blocked/p180

Java Plugin 7 update 11 (click-to-play), Mac OS X
https://addons.mozilla.org/blocked/p1052

Roger, please test again in 15 mins or so.
I have verified that I am no longer seeing the blocked message. Thank you for updating the block.
Product: addons.mozilla.org → Toolkit
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: