-
Enhancement
-
Resolution: Won't Fix
-
P4
-
7u45, 8, 9
-
windows_8
A DESCRIPTION OF THE REQUEST :
When using deployJava.js to check the version of Java, Firefox 24 and above (tested on Firefox 26) shows a warning message:
"Activate Java Deployment Toolkit. This plugin has known vulnerabilities".
The reason is documented here: https://addons.mozilla.org/en-US/firefox/blocked/p428
Why was it blocked?
The Java Deployment Toolkit plugin is known to be insecure and is unnecessary in most cases. Users should keep it disabled unless strictly necessary.
JUSTIFICATION :
The use of the Deployment Tookit plugin is not necessary in Firefox because the Java version may be successfully detected using the object window.mimeTypes by deployJava.js.
The warning message has a negative impact on the user experience.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
When checking the installed Java version, the warning question "Activate Java Deployment Toolkit. This plugin has known vulnerabilities" should not appear in Firefox.
CUSTOMER SUBMITTED WORKAROUND :
in deployJava.js, change the allowPlugin method by:
allowPlugin: function() {
this.getBrowser();
var ret = ('Safari' != this.browserName2 &&
'Opera' != this.browserName2 &&
// Firefox added in the list of exceptions
'Firefox' != this.browserName2);
return ret;
},
When using deployJava.js to check the version of Java, Firefox 24 and above (tested on Firefox 26) shows a warning message:
"Activate Java Deployment Toolkit. This plugin has known vulnerabilities".
The reason is documented here: https://addons.mozilla.org/en-US/firefox/blocked/p428
Why was it blocked?
The Java Deployment Toolkit plugin is known to be insecure and is unnecessary in most cases. Users should keep it disabled unless strictly necessary.
JUSTIFICATION :
The use of the Deployment Tookit plugin is not necessary in Firefox because the Java version may be successfully detected using the object window.mimeTypes by deployJava.js.
The warning message has a negative impact on the user experience.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
When checking the installed Java version, the warning question "Activate Java Deployment Toolkit. This plugin has known vulnerabilities" should not appear in Firefox.
CUSTOMER SUBMITTED WORKAROUND :
in deployJava.js, change the allowPlugin method by:
allowPlugin: function() {
this.getBrowser();
var ret = ('Safari' != this.browserName2 &&
'Opera' != this.browserName2 &&
// Firefox added in the list of exceptions
'Firefox' != this.browserName2);
return ret;
},