Firefox Plugin Vulnerability

[Warlock]

Look out, fasten your seat belts I'm going technical today and hope this is the correct place for this.

 

Thank goodness for Firefox, they get a gold star from me today. In checking to see if my addons were up to date there was a notice that Java Deployment Toolkit (Click To Play) Version 7.0.90.5 10.9.2.5 was blocked for usage on July 18, 2013.

 

I read further at the item location and also checked the forum and the net for greater understanding. In the final analysis I don't have a clue as to what it is, what is going on and as I state my location, lost in space. One source during research said even though it was blocked it made no difference. Another stated if it was disabled it made no difference.

 

I decided to notify and present this issue to my good friends here in the hopes of obtaining some advice on what to do. Please remember my abilities are so far below zero there's no measurement. In other words please K.I.S.S. Thanks so much everyone and have a good day.

 

Warlock

[DennisD]

A lot of the folk on here including myself discarded Java completely a long time ago, and I've never since found that I've needed it.

 

The only way to find out is to remove it completely from your system and then find out over time as to whether you ever needed it.

 

Some of the other guys do have to keep it installed, and they'll probably tell you what they need it for. Gaming comes to mind and maybe some online banking sites use it.

 

It's easy to get rid of if you decide to go down that road Warlock.

 

Completely Remove Java Using SingularLabs’ JavaRa:

[mta]

+1 with @DennisD

removed it from all my rigs about 6 months ago, yet to see any downside.

have stopped installing it as part of my SOE on new PC's and, again, no complaints.

 

as @DennisD said, easy to remove, and more importantly, if something crops up that does require it, just as easy to re-install.

[login123]

+2 for DennisD.

 

I took it off win xp and win 7, never looked back.

Just today hit on some news site that said it needed java, so got the same news elsewhere.

 

And if you ever want to you can just put it back.

[Andavari]

I removed it years ago, never had much need for it and the constant vulnerabilities made it easy to kick off my system for good. Now I have Adobe Flash Player in my sites to kick off at some point, regardless of it being used on so many sites.

[hazelnut]

I haven't had java on my machine for a couple of years.

[Warlock]

At the onset I want to express my deepest thanks and appreciation to all my dear friends on the forum for responding to my post on July 20, 2013 concerning the Java Deployment Toolkit issue. I neglected to mention that I have Windows XP Professional 32 Bit SP3 and Firefox Version 22. I do not engage in any gaming and certainly do no banking over the net which I understand is the primary entity for such activities.

 

I also failed to mention that when I go to Tools, Add-on Manager it lists the various plugins which I had no part in their installation and that was where the notice showed that the above had been blocked by Firefox. However, when one presses "Check to see if plugins are up to date", it indicates that the plugin is in fact up to date which is slightly confusing. I did attempt in addition to contact Mozilla but have yet to hear back from them and that could be due to user and password issues that I have had with them previously.

 

While Dennis's kind inclusion of a link to remove Java I feel I must with all due respect be straightforward as all are aware by now, that it falls into my complete lack of computer knowledge and hope he is not offended in any way. My constant dread and fear that if something goes awry and causes a problem I would have no way to seek assistance to correct any issues. You good folks are so adept in what you do and are able to communicate back and forth, I am not and should the computer become fouled up I would have no where to go. It is very troubling to experience this ineptness. It is indeed a marriage made in * * * * I was hoping for a simple, click on this or that to remedy the problem I presented but apparently it is not forthcoming.

 

Since I have not experienced any difficulties with the plug-in would it be wise under the circumstances to for now just let sleeping dogs lie? Once again I am so grateful to all of you who have devoted their time and efforts to try to help me, hoping you understand. You're the greatest friends one could hope for. In closing I would like to state should you have anything further concerning this I would welcome it with open arms. Thank you all so much again.

 

Warlock

[Alan_B]

A Java vulnerability will allow a hacker to do far more than access any banking information (which so far as you know is absent from your machine).

 

Hackers could achieve total access to your computer as a result of Java,

and thus steal information that would allow them to :-

use your login information and passwords for your ISP, your email accounts, and membership of the Piriform forum (amongst other things),

and possible to steal your identity.

 

Most sites will still work well for you after removing Java,

and even if you find that removal was bad for a site you need, the Piriform Forum will still be just as good as ever and you can get all the help you need to restore Java.

 

My desktop has never had Java and I have never needed it.

Consequently I have never had to uninstall it.

 

I will leave it for those with experience to hand-hold you as you :-

Temporarily disable Java (if that is an option) to test its absence on the sites you use ; and

Uninstall Java ;

 

Alan

[mta]

You are correct @Warlock, you can just leave it there.

FF has it disabled.

Most of us who have removed it, did it due to its increased security vunerabilities.

FF knows of this and disables the add-on.

[Winapp2.ini]

FWIW Flash (also a notoriously security-prolematic plugin) can be replaced with Shumway for most people's needs (youtube supported, but I had to set some special preferences to actually get it to work - YMMV)

 

https://github.com/mozilla/shumway

[Alan_B]

You are correct @Warlock, you can just leave it there.

FF has it disabled.

I think I agree, assuming that no non-Firefox browser will run and allow Java to act.

[Alan_B]

FWIW Flash (also a notoriously security-prolematic plugin) can be replaced with Shumway for most people's needs (youtube supported, but I had to set some special preferences to actually get it to work - YMMV)

 

https://github.com/mozilla/shumway

I loved the idea of removing Flash,

but then I saw the replacement used Javascript.

 

Rock and a Hard Place springs to mind

I hope Javascript is kind to me.

[Andavari]

I loved the idea of removing Flash,

but then I saw the replacement used Javascript.

 

It has to use something though as it's "engine."

 

I'm hoping and wishing there's some coding for Chromium-based browsers that will at some point completely replace Flash which just gets automatically updated when installing a new browser version being that it could be built into the browser itself. And then Flash could be buried next to Java.

[Nergal]

once html5 media decoding is universal that'll happen, but not til then.