Firefox is advising users to disable vulnerable Java versions on Windows. I actually saw this in action on a machine yesterday–a machine that has to run a slightly dated version of the JRE because a vendor hasn’t certified their product with the current version yet.
That’s unavoidable sometimes, so Mozilla’s mitigation is great: Firefox displays a popup recommending that the user deselect a checkbox, which keeps that version of Java from running within Firefox. This is good, because a web browser visiting web sites is the best possible conduit for malware planted inside hostile Java applets. Get hit this way, and it can be days or weeks or even longer before you even realize you’re infected.
So far, Firefox is only doing this on Windows. I hope they’ll start doing it on all platforms. And I hope other browsers will copy this feature.

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.
