Closed Bug 829147 Opened 13 years ago Closed 13 years ago

Enable Click To Play for all versions of Java due to zero-day remote code execution vulnerability being actively exploited

Categories

(Toolkit :: Blocklist Policy Requests, defect, P1)

defect

Tracking

()

RESOLVED DUPLICATE of bug 829111

People

(Reporter: mcoates, Unassigned)

References

()

Details

(Keywords: sec-critical)

All versions of Java are currently vulnerable to a zero-day remote code execution vulnerability. Popular exploit kits have been updated to exploit this vulnerability. Request: Enable click to play for all versions of Java. This will allow users to enable Java on specific sites that they trust, but will not automatically load Java on any page and prevent the most common drive by exploitation attacks. http://thenextweb.com/insider/2013/01/10/new-java-vulnerability-is-being-exploited-in-the-wild-disabling-java-is-currently-your-only-option/ http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
No longer depends on: 829111
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.