Firefox assumes JDK 7u101 insecure on Mac OS X




4 years ago
a year ago


(Reporter: roger.lewis, Unassigned)


Firefox Tracking Flags

(Not tracked)



(1 attachment)



4 years ago
Looks like that Firefox on Mac incorrectly compares update number, and shows message that plugin is vulnerable and should be updated for updates releases that contains 3 digits.
There is no issue on windows and linux.

Product(s) tested: jdk7u101
OS/architecture: mac os x 10.10/10.11
Reproducible: Always
OS/browser version: mac os x 10.11 / 10.10 + firefox
Steps to reproduce:
1) install jdk7u101
2) open java version applet in firefox:

actual result: see screenshot

Comment 1

4 years ago
The bug in the Oracle Java bug system:
So, according to Roger, the blocklist entry this block is pointing to is:

Java Plugin 7 update 11 and lower (click-to-play), Mac OS X

I did some testing with nsIVersionComparator, and the version string "Java 7 Update 101" is essentially equivalent to "Java 7 Update 10.1", which is why it's blocked here.

So, what I'm going to do is change the original block to cover up to version 10, and create a separate block specifically for version 11. That should free versions 10x and 11x for the future, but will cause problems again when Java 7 has a version in the 12x range.

A better long term solution would be for the plugin to report its version number as strictly numerical, like "7.101", so the version comparator doesn't get confused.
Okay, the block is now split in two:

Java Plugin 7 update 10 and lower (click-to-play), Mac OS X

Java Plugin 7 update 11 (click-to-play), Mac OS X

Roger, please test again in 15 mins or so.

Comment 4

4 years ago
I have verified that I am no longer seeing the blocked message. Thank you for updating the block.
Product: → Toolkit
Last Resolved: a year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.