Mozilla blocks Firefox Java plugin
Plug out, baby
Mozilla has begun blocking an unsecured Java plugin for its Firefox browser.
The move, applied through the open source outfit's Plugin Check feature, is intended to protect Firefox fans from a recently discovered security flaw affecting the Java Deployment Toolkit on multiple flavours of Firefox.
Discussions on Bugzilla show this is unrelated to a flaw in Java Web Start affecting multiple browsers and patched by Oracle via an out-of-sequence (emergency) update last week.
Several other insecure plug-ins are already blocked through Plugin Check, as listed on Mozilla's website here. Often such moves are applied in response to frequent instances of browser crashes, a problem that applies to versions of Yahoo Application State Plugin, Skype and AVG SafeSearch, for example. In other cases, such as Apple QuickTime Plugin version 7.1, the block relates to a security vulnerability in the add-on software.
Screenshots illustrating how the Plugin Check technology blocks the Java plugin can be found in a blog post by F-secure here. Mozilla, which launched Plugin Check as a Firefox-only service last October, has plans to expand the technology to warn of potential problems with add-ons to other browsers, as explained in our earlier story here. ®