Closed
Bug 786744
Opened 12 years ago
Closed 12 years ago
Java <object> element block for zero day vulnerability
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 785837
People
(Reporter: autismm, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0 Build ID: 20120824154833 Steps to reproduce: Tried to block Java <object> element on Mozilla Firefox Actual results: No way to block Java <object> element on Mozilla Firefox Expected results: Java <object> element should be blocked on Mozilla Firefox due to java zero day vulnerability http://secunia.com/advisories/50133
Comment 2•12 years ago
|
||
You can disable Java by following the directions at https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets.
Group: core-security
This is not a solution to this new Java Zero day vulnerability on mozilla firefox, the description of this issue must be shown there below: A vulnerability has been discovered in Oracle Java, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in how the "setSecurityManager()" function can be called, which can be exploited by an applet to set its own privileges to e.g. allow downloading and executing arbitrary programs. Successful exploitation allows execution of arbitrary code. NOTE: This is currently being actively exploited in targeted attacks. The vulnerability is confirmed in version 7 update 6 build 1.7.0_06-b24. Other versions may also be affected.(1) site: http://secunia.com/advisories/50133/ and other statement from Americas Computer Emergency response team is found below on the following site http://www.kb.cert.org/vuls/id/636312 Please add further java block mitigations on mozilla firefox as soon as possible, This Zero day vulnerability (CVE-2012-4681) is being exploited in wild.
Updated•12 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•