Closed
Bug 930289
Opened 11 years ago
Closed 11 years ago
Java Plugin 7 Update 45 Marked As Vulnerable
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 914690
People
(Reporter: blandead41, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release) Build ID: 20131023030205 Steps to reproduce: Checked Plugins, and Checked if they are up to date Using Latest Nightly 27.0a1 (2013-10-23) Actual results: All plugins report up to date with no vulnerability issues, but Java 7 Click To Play Update 45 is marked as "vulnerable" Expected results: Based on your blocked add-ons list https://addons.mozilla.org/en-US/firefox/blocked/ It reports Java Plugin 7 update 25 to 44 (click-to-play), Windows marked as vulnerable Unless this was updated in your blocklist it shouldn't state the plugin as vulnerable for Java 7 U 45. I'm not talking about the Java Deployment Toolkit, but the Java(TM) one.
Comment 1•11 years ago
|
||
Hi Yev, I think this is addressed in bug 914690 and is already fixed. It may not show up right away, though.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Hm.. that bug is a Resolved Incomplete and I it's like they are just debating how to add click to play and then just decided to use local blocklist.. so I checked local blocklist and says Java 7 Update 45 and vulnerability status=2 Does that mean the warning in plugins shows up anyway even though it's not listed in the blocked add-ons website? When I go to more information it directs me to https://addons.mozilla.org/en-US/firefox/blocked/p463 which doesn't exist. I know it's not a big deal, but would be nice to know when the warning should be there or if it's just generally always going to be there for java.
Comment 3•11 years ago
|
||
(In reply to Yev from comment #2) > Hm.. that bug is a Resolved Incomplete and I it's like they are just > debating how to add click to play and then just decided to use local > blocklist.. so I checked local blocklist and says Java 7 Update 45 and > vulnerability status=2 > > Does that mean the warning in plugins shows up anyway even though it's not > listed in the blocked add-ons website? > > When I go to more information it directs me to > https://addons.mozilla.org/en-US/firefox/blocked/p463 which doesn't exist. > > I know it's not a big deal, but would be nice to know when the warning > should be there or if it's just generally always going to be there for java. The new blocks are: https://addons.mozilla.org/en-US/firefox/blocked/p457 Linux https://addons.mozilla.org/en-US/firefox/blocked/p458 Windows https://addons.mozilla.org/en-US/firefox/blocked/p459 OS X From what I read from them, they're now just blocking up to Java 7u44 so if you have 7u45 you get the regular not "scary" click-to-play UI. This was IMHO the sensible thing to do on the 1st place, glad they've backtracked. Your bug should be resolved now.
Yea I really do like the click to play and honestly I wouldn't have known there was a security issue in java 7 update 44 probably for months which made me upgrade to update 45
You need to log in
before you can comment on or make changes to this bug.
Description
•