Downright malicious browser plugins and add-ons are obviously a massive security risk, but make no mistake: unpatched or outdated extensions are just as big a headache. For this reason, Mozilla has a blocklist service to deal with plugins that jeopardize the security, stability, or performance of Firefox. The latest addition to the Firefox blocklist happens to be the ubiquitous Java plugin.
Back in February, Oracle rolled out a “critical patch update” for Java SE, patching as many as 14 remotely exploitable vulnerabilities. But considering the Java plugin’s notoriety for remaining outdated, the holes that Oracle plugged last month still pose a risk to many users. In fact, according to Mozilla, these vulnerabilities are being actively exploited in the wild.
“To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist,” announced Mozilla channel manager Kev Needham in a blog post Monday.
“Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms,” he further wrote. “Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied.”
The latest versions of JRE for Windows and Linux can be obtained from the official Java website.