Closed Bug 786744 Opened 12 years ago Closed 12 years ago

Java <object> element block for zero day vulnerability

Categories

Product/Component: Firefox :: Security
Type: defect
Version: 15 Branch
Platform: x86_64, Windows 7
Priority: Not set
Severity: normal

RESOLVED DUPLICATE of bug 785837

People

(Reporter: autismm, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Build ID: 20120824154833

Steps to reproduce:

Tried to block Java <object> element on Mozilla Firefox


Actual results:

No way to block Java <object> element on Mozilla Firefox


Expected results:

Java <object> element should be blocked on Mozilla Firefox due to the Java zero-day vulnerability

http://secunia.com/advisories/50133

Component: Untriaged → Security

You can disable Java by following the directions at https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets.

Group: core-security

This is not a solution to this new Java zero-day vulnerability on Mozilla Firefox; the description of this issue is shown below:

A vulnerability has been discovered in Oracle Java, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in how the "setSecurityManager()" function can be called, which can be exploited by an applet to set its own privileges to e.g. allow downloading and executing arbitrary programs.

Successful exploitation allows execution of arbitrary code.

NOTE: This is currently being actively exploited in targeted attacks.

The vulnerability is confirmed in version 7 update 6 build 1.7.0_06-b24. Other versions may also be affected. (1)

Site: http://secunia.com/advisories/50133/

Another statement, from America's Computer Emergency Response Team, can be found on the following site:

http://www.kb.cert.org/vuls/id/636312

Please add further Java block mitigations to Mozilla Firefox as soon as possible. This zero-day vulnerability (CVE-2012-4681) is being exploited in the wild.

Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE