Plugin block request: Java 7 up to Update 44

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
5 years ago
2 years ago

People

(Reporter: Tomcat, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [plugin])

(Reporter)

Description

5 years ago
see Bug 927057 - Java 7u45 was released and 7u45 contains fixes for security vulnerabilities (i guess this means that 7u40 is vulnerable etc)

So since we block the other old versions might might block 7u40 too
We are already CTP blocking all plugins except the latest Flash Player, no?
Duplicate of this bug: 927183
(Assignee)

Comment 3

5 years ago
(In reply to Masatoshi Kimura [:emk] from comment #1)
> We are already CTP blocking all plugins except the latest Flash Player, no?

Not yet, no. That's bug 914690 (for Java) and it's limited to Firefox 24 and above.
Assignee: nobody → jorge
(Assignee)

Comment 4

5 years ago
Blocked:

Java Plugin 7 update 25 to 44 (click-to-play), Mac OS X
https://addons.mozilla.org/en-US/firefox/blocked/p459

Java Plugin 7 update 25 to 44 (click-to-play), Windows
https://addons.mozilla.org/en-US/firefox/blocked/p458

Java Plugin 7 update 25 to 44 (click-to-play), Linux
https://addons.mozilla.org/en-US/firefox/blocked/p457
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Keywords: verifyme
QA Contact: anthony.s.hughes
Resolution: --- → FIXED
Ioana, please have someone on your team test this overnight tonight and reopen if the blocks aren't working. Thanks.
Flags: needinfo?(ioana.budnar)

Comment 6

5 years ago
Paul is the QA owner of CTP, so he'll take over this.
Flags: needinfo?(ioana.budnar)
(In reply to Masatoshi Kimura [:emk] from comment #1)
> We are already CTP blocking all plugins except the latest Flash Player, no?
you're talking probably about bug 899080, but that's normal blocking, we want vulnerable blocking for java
(In reply to Jorge Villalobos [:jorgev] from comment #4)
> Blocked:
> 
> Java Plugin 7 update 25 to 44 (click-to-play), Mac OS X
> https://addons.mozilla.org/en-US/firefox/blocked/p459
> 
> Java Plugin 7 update 25 to 44 (click-to-play), Windows
> https://addons.mozilla.org/en-US/firefox/blocked/p458
> 
> Java Plugin 7 update 25 to 44 (click-to-play), Linux
> https://addons.mozilla.org/en-US/firefox/blocked/p457

Everything's ok on Win and Mac.
But this is NOT working on Linux. j7u25, j7u40 are not blocked.
Careful, j7u25 on Linux is called 1.7.0_25
j7u40 -> 10.40.2
j7u45 -> 10.45.2
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
What are the strings for these Java versions in about:plugins? Maybe the blocklist.xml regex isn't working.
(Assignee)

Updated

5 years ago
Summary: Plugin block request: Java 7u45 → Plugin block request: Java 7 up to Update 44
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #9)
> What are the strings for these Java versions in about:plugins? Maybe the
> blocklist.xml regex isn't working.

Nevermind, see https://bugzilla.mozilla.org/show_bug.cgi?id=914690#c17. We'll need to get the strings before moving ahead.
(In reply to Paul Silaghi, QA [:pauly] from comment #11)
> Done. https://wiki.mozilla.org/QA/Plugins/About:Plugins#Linux_2

Jorge, I trust the information provided by Paul is what you need to move forward with this?
Flags: needinfo?(jorge)
(Assignee)

Comment 13

5 years ago
Yes, that's enough to move forward with this.
Flags: needinfo?(jorge)
(Assignee)

Comment 14

5 years ago
I updated the regular expression for Linux. Please give it an hour or so and test again.
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago5 years ago
Resolution: --- → FIXED
This block appears to be working as expected for me.
Status: RESOLVED → VERIFIED
Keywords: verifyme

Comment 16

5 years ago
This block is ridiculous and prevents operation of many legitimate websites.

DEAR MORONS,

PLEASE REVERSE THE BLOCK ASAP, OR AT LEAST ALLOW THE USER TO ADD AN EXCEPTION.

UNLESS OF COURSE YOU WANT TO REDUCE YOUR USER BASE.

KIND REGARDS,

A. USER
(In reply to Jake from comment #16)

Jake, I respectfully ask that you familiarize yourself with https://bugzilla.mozilla.org/page.cgi?id=etiquette.html before leaving any more comments in Bugzilla.

Thank you.

Comment 18

5 years ago
https://addons.mozilla.org/en-US/firefox/blocked/p463 is wrong as it is blocking Java 7u45 that as far as the last critical patch update from Oracle at http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html is *NOT* vulnerable.

Please fix.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
(Reporter)

Comment 19

5 years ago
(In reply to alex_mayorga from comment #18)
> https://addons.mozilla.org/en-US/firefox/blocked/p463 is wrong as it is
> blocking Java 7u45 that as far as the last critical patch update from Oracle
> at http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
> is *NOT* vulnerable.
> 
> Please fix.

different issue - its not that bug, its https://bugzilla.mozilla.org/show_bug.cgi?id=914690 - please see there comment #50

Updated

5 years ago
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago5 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.