Mozilla Adds Vulnerable Java Plug-in Versions to Firefox Blocklist

From PC World: Mozilla has blacklisted unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions.

Mozilla can add extensions or plug-ins to the Firefox add-on blocklist if they cause significant security or performance issues. Firefox installations automatically query the blocklist and notify users before disabling the targeted add-ons.

"The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user's computer," said Mozilla's channel manager Kev Needham in a blog post Monday.

"This vulnerability -- present in the older versions of the JDK and JRE -- is actively being exploited, and is a potential risk to users," Needham said. "To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist."

Needham did not specify the vulnerability being actively exploited, but security companies have warned during the past couple of weeks that exploits for the CVE-2010-0507 Java vulnerability were being used in widespread attacks and have been incorporated into the popular Blackhole exploit toolkit.
