J7u11 plugs browser applets security holes, prevents auto-running unsigned, self-signed applets


Fernando Cassia

Jan 14, 2013, 1:25:39 AM
to java...@googlegroups.com
FYI...

JRE / JDK 7 update 11 were released on Saturday.

JRE 7u11
http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

JDK 7u11
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

It fixes the security holes in the browser plug-in component, widely
reported in the IT and mainstream press last Thursday-Friday, many of
which included the usual misinformation-FUD recommending to "uninstall
Java" (the whole JVM) instead of just disabling the browser plug-in.

In the release notes, ORCL says it has made the browser plug-in NOT
RUN by default any UNSIGNED or "Self-signed" applets without user
confirmation. This effectively should make "zero click surface"
attacks not possible anymore.

Firefox 18 also added a feature asking users to confirm before running
any plug-in content on each web page or on a per-page basis, thus
creating a double confirmation to run unsigned or self-signed applets.

FC

--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un
Acto Revolucionario
- George Orwell

Fernando Cassia

Jan 14, 2013, 1:27:31 AM
to java...@googlegroups.com
On Mon, Jan 14, 2013 at 3:25 AM, Fernando Cassia <fca...@gmail.com> wrote:
> it fixes the security holes in the browser plug-in component,

Sorry, let me rephrase: "fixes the security holes exploited by
launching Java applets inside a web browser using the Java browser plug-in". :)

FC

Casper Bang

Jan 14, 2013, 11:23:06 AM
to java...@googlegroups.com
> Firefox 18 also added a feature asking users to confirm before running
> any plug-in content on each web page or a per-page basis. Thus
> creating a double-confirmation to run unsigned or self-signed applets.


Chrome had this for a while, although I think you had to go enable it manually (in some hidden options panel, in Google's failed logic of simplifying the browser UI by making that panel inaccessible from the toolbar/menubar).

Ubuntu/Mint users might find this URL helpful:

/Casper