Closed Bug 837240 Opened 11 years ago Closed 11 years ago

update PFS for java to 7u13

Categories

(Websites :: plugins.mozilla.org, defect)

x86
Windows 7
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: roger.lewis, Unassigned)

Attachments

(1 file)

Java SE 7u13 was released Feb 1, 2013
Please update the PFS to reflect this new release. 

Java 7u13
URL: http://java.com/firefoxjre_exe
File: xpiinstall.exe 
MD5 (xpiinstall.exe) = 5de7c30ac4c214340d00ce1630d90e78
SHA1(xpiinstall.exe)= 04c1518f632142ef488374566518228e3b245cf7



7u13 contains fixes for security vulnerabilities:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html 
http://www.oracle.com/technetwork/java/javase/7u13-relnotes-1902884.html
Attached patch: patch
Security Update, Wil can we do a push for that? Thanks
Attachment #709667 - Flags: review?(clouserw)
Attachment #709667 - Flags: review?(clouserw) → review+
https://github.com/mozilla/zamboni/commit/c84d0b7f208edbe3683cb22d9811b6e763c8639a

The entire team is at an offsite right now so pushes will be awkward.  Hope to do Thursday at 2 still.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
(In reply to Wil Clouser [:clouserw] from comment #3)
> The entire team is at an offsite right now so pushes will be awkward.  Hope
> to do Thursday at 2 still.

I think we should find a way to do these pushes with a lot more expediency--i.e. the same day that Oracle releases the update. In particular, IIRC, the difference between u11 and u13 is something like 50 now-zero-day exploits, so it doesn't seem reasonable to wait an extra three days. (FWIW, I know that there's a proposal to disable the plugin finder service, but that hasn't happened yet.)
(In reply to Brian Smith (:bsmith) from comment #4)
> 
> I think we should find a way to do these pushes with a lot more
> expediency--i.e. the same day that Oracle releases the update. In
> particular, IIRC, the difference between u11 and u13 is something like 50
> now-zero-day exploits, so it doesn't seem reasonable to wait an extra three
> days. (FWIW, I know that there's a proposal to disable the plugin finder
> service, but that hasn't happened yet.)

The security impact is fairly minimal (in terms of the exploit). PFS never did plugin updates, so it's for new users who want to use a site with Java but don't have it, and so they get the infobar.

Then they will get the infobar with the "you need to install additional plugins" text. Because the version has changed, the install will fail (because of the new installer and the changes that get fixed in the patch) and guide them to the manual install. This manual install link is (as an example, in a German Firefox) http://java.com/de/download/index.jsp and so they get 7u13.

So it's not that when they use PFS they get the old version or so.

More important is to keep Plugincheck updated in case a user checks, and also maybe at a later time to proactively inform users of vulnerable plugins, but that's a different bug/story/feature which would be nice to have.
Blocks: 841217