Closed Bug 930289 Opened 11 years ago Closed 11 years ago

Java Plugin 7 Update 45 Marked As Vulnerable

Categories

(Firefox :: Untriaged, defect)

Version: 27 Branch
Hardware: x86
OS: Windows 7
Type: defect
Priority: Not set
Severity: normal


RESOLVED DUPLICATE of bug 914690

People

(Reporter: blandead41, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Build ID: 20131023030205

Steps to reproduce:

Checked Plugins, and Checked if they are up to date

Using Latest Nightly 27.0a1 (2013-10-23)


Actual results:

All plugins report up to date with no vulnerability issues, but Java 7 Click To Play Update 45 is marked as "vulnerable"




Expected results:

Based on your blocked add-ons list https://addons.mozilla.org/en-US/firefox/blocked/

It reports Java Plugin 7 update 25 to 44 (click-to-play), Windows marked as vulnerable

Unless this was updated in your blocklist it shouldn't state the plugin as vulnerable for Java 7 U 45. I'm not talking about the Java Deployment Toolkit, but the Java(TM) one.

Hi Yev, I think this is addressed in bug 914690 and is already fixed. It may not show up right away, though.

Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE

Hm.. that bug is a Resolved Incomplete and it's like they are just debating how to add click to play and then just decided to use local blocklist.. so I checked local blocklist and it says Java 7 Update 45 and vulnerability status=2

Does that mean the warning in plugins shows up anyway even though it's not listed in the blocked add-ons website?

When I go to more information it directs me to https://addons.mozilla.org/en-US/firefox/blocked/p463 which doesn't exist.

I know it's not a big deal, but would be nice to know when the warning should be there or if it's just generally always going to be there for java.

(In reply to Yev from comment #2)
> Hm.. that bug is a Resolved Incomplete and it's like they are just
> debating how to add click to play and then just decided to use local
> blocklist.. so I checked local blocklist and it says Java 7 Update 45 and
> vulnerability status=2
> 
> Does that mean the warning in plugins shows up anyway even though it's not
> listed in the blocked add-ons website?
> 
> When I go to more information it directs me to
> https://addons.mozilla.org/en-US/firefox/blocked/p463 which doesn't exist.
> 
> I know it's not a big deal, but would be nice to know when the warning
> should be there or if it's just generally always going to be there for java.

The new blocks are:

https://addons.mozilla.org/en-US/firefox/blocked/p457 Linux
https://addons.mozilla.org/en-US/firefox/blocked/p458 Windows
https://addons.mozilla.org/en-US/firefox/blocked/p459 OS X

From what I read from them, they're now just blocking up to Java 7u44 so if you have 7u45 you get the regular not "scary" click-to-play UI.

This was IMHO the sensible thing to do in the first place, glad they've backtracked.

Your bug should be resolved now.

Yeah, I really do like the click to play, and honestly I wouldn't have known there was a security issue in Java 7 update 44 probably for months, which made me upgrade to update 45.
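
The behaviour discussed in this thread, as an added example that is not part of the original bug or of Firefox's code: a range check showing why a list entry that covers update 45 flags the plugin, while an entry that stops at update 44 does not. The entries, field names and block IDs are constructed for illustration, and the reading of status 1 as "update available" and 2 as "no update" is an assumption.

```javascript
"use strict";

// Constructed entries modeled on this thread; NOT copied from the real blocklist.
// Field names and block IDs are hypothetical.
const OLD_LIST = [
  { blockID: "EXAMPLE-OLD", os: "Windows", major: 7, minUpdate: 0, maxUpdate: 45, vulnerabilityStatus: 2 },
];
const NEW_LIST = [
  { blockID: "EXAMPLE-NEW", os: "Windows", major: 7, minUpdate: 25, maxUpdate: 44, vulnerabilityStatus: 1 },
];

// Assumed meaning of the status values (see lead-in).
const STATUS_LABEL = { 1: "vulnerable, update available", 2: "vulnerable, no update" };

// Extract { major, update } from a plugin name such as "Java(TM) Platform SE 7 U45".
function parseJavaVersion(name) {
  const m = /^Java\(TM\) Platform SE (\d+)(?: U(\d+))?$/.exec(name.trim());
  if (!m) return null;
  return { major: Number(m[1]), update: m[2] ? Number(m[2]) : 0 };
}

// Return the first entry whose OS, major version and update range cover the plugin.
function findBlock(list, pluginName, os) {
  const v = parseJavaVersion(pluginName);
  if (!v) return null; // a name this sketch does not understand matches nothing
  return list.find(e =>
    e.os === os && e.major === v.major &&
    v.update >= e.minUpdate && v.update <= e.maxUpdate) || null;
}

// Describe how the plugin would be flagged under the given list.
function pluginState(list, pluginName, os) {
  const block = findBlock(list, pluginName, os);
  if (!block) return "not flagged";
  return STATUS_LABEL[block.vulnerabilityStatus] || "flagged (unknown status)";
}

// Compare both lists for the two update levels mentioned in the thread.
for (const [label, list] of [["old", OLD_LIST], ["new", NEW_LIST]]) {
  for (const name of ["Java(TM) Platform SE 7 U44", "Java(TM) Platform SE 7 U45"]) {
    console.log(label, name, "->", pluginState(list, name, "Windows"));
  }
}
```

A profile that still holds a cached copy of the older list keeps showing the warning until the list is refreshed, which matches the "may not show up right away" remark earlier in the thread.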