Firefox is advising users to disable vulnerable Java versions on Windows. I actually saw this in action on a machine yesterday–a machine that has to run a slightly dated version of the JRE because a vendor hasn’t certified their product with the current version yet.
That’s unavoidable sometimes. So Mozilla’s mitigation is great: display a popup recommending that the user deselect a checkbox to keep that version of Java from running within Firefox. This is good, because a web browser visiting web sites makes the best possible conduit for malware planted inside hostile Java applets. Get hit this way, and it can be days or weeks or even longer before you even realize you’re infected.
So far, Firefox is only doing this on Windows. I hope they’ll start doing it on all platforms. And I hope other browsers will copy this feature.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.