A new critical vulnerability has been discovered in: - Java SE 5 Update 22 - Java SE 6 Update 35 - Java SE 7 Update 7 There's no current fix, so the block should only display an info bar.
The infobar block is useless without a version to update to, and I don't think we want to move forward with a block unless we have evidence of the vulnerability being exploited in the wild.
I believe this is now (partially) fixed by "Oracle Java SE Critical Patch Update Advisory - October 2012" I'd say you should put the block in place and suggest users to upgrade to either 1.7.0_09 or 1.6.0_37. 1| http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
It's likely a dupe of bug 803152 although we have no evidence that this vulnerability is included in Java SE7u9 and SE6u37.
According to https://wiki.mozilla.org/Blocklisting/PluginBlocks Java SE 7 Update 7 is softblocked/CTP blocked in all Firefox versions. Java SE 6 Update 35 is CTP blocked in FF 17 and newer. So what's remaining here is Java SE 5 and softblocks for older Firefox versions (for Java SE 6).
(In reply to Frank Wein [:mcsmurf] from comment #4) > So what's remaining here is Java SE 5 and softblocks for older Firefox versions (for > Java SE 6). Old Java SE 6 versions are soft-blocklisted for any Firefox versions. See https://addons.mozilla.org/firefox/blocked/ Concerning Java SE 5, it's already hard-blocklisted for users of Firefox 3.6 and above. See bug 634639.
So https://wiki.mozilla.org/Blocklisting/PluginBlocks is out-of-date then? Because SE 6 Update 35 is not listed there.
(In reply to Frank Wein [:mcsmurf] from comment #6) > So https://wiki.mozilla.org/Blocklisting/PluginBlocks is out-of-date then? > Because SE 6 Update 35 is not listed there. The page should be up to date. Java 6 up to 6u30 is softblocked for all versions, and 6u31 to 6u32 are sofblocked up to Firefox 17.*. 6u31 to 6u38 are only CTP blocked on 17 and above.
As far as I can tell, all versions mentioned in this block have already been included in other blocks: https://wiki.mozilla.org/Blocklisting/PluginBlocks