There is currently a 0-day available for Java 184.108.40.206. Visiting http://www.mozilla.org/en-US/plugincheck/ notifies a user that the plugin is up to date, which may result in users thinking that they are protected. When a plugin is known to be vulnerable, it should be flagged with a warning so that users are aware that even though they have the most recent version, they are still vulnerable.
Component: Plugin Finder Service → plugins.mozilla.org
Product: Toolkit → Websites
ok i think the best solution so far is that we can mark the java 7 plugins as vulnerable because of the current situation. cc'ing some webdev folks in case we make this much nicer since i think its a special situation here where the plugin itself is latest but vulnerable and no vendor update so far...maybe a infobar would be nice again?
ok plugincheck is updated with the vulnerable information
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 570363
You need to log in before you can comment on or make changes to this bug.