Mozilla has blacklisted an unpatched versions of the Java
plug-in from Firefox on Windows in order to protect its
users from attacks that exploit known vulnerabilities in
The February 2012 update to the Java Development Kit
(JDK) and Java Runtime Environment (JRE) included a patch
to correct a critical vulnerability that can permit the
loading of arbitrary code on an end-user?s computer.
This vulnerability - present in the older versions of the
JDK and JRE - is actively being exploited, and is a
potential risk to users, according to Mozilla. To
mitigate this risk, Mozila has added affected versions of
the Java plugin for Windows (Version 6 Update 30 and
below as well as Version 7 Update 2 and below) to
Firefox?s blocklist. A blocklist entry for the Java
plugin on OS X may be added at a future date.
Mozilla strongly encourages anyone who requires the JDK
and JRE to update to the current version as soon as
possible on all platforms.
Mozilla will automatically disable affected versions of
the Java plugin unless a user makes an explicit choice to
keep it enabled at the time they are notified of the
block being applied.
Updated versions of the JRE for Windows and Linux
operating systems are available through java.com.
Researchers from F-Secure announced that new Web-based
attacks are exploiting a vulnerability in the latest Java
version for Mac OS in order to install malware.
Preventing those attacks from affecting Firefox users
would mean blacklisting the latest version of the Java
plug-in for Mac.