firefox blocks java

Fri Dec 20 18:55:45 UTC 2013

On Fri, Dec 20, 2013 at 12:45 PM, Tommy Trussell
<tommy.trussell at gmail.com>wrote:

> On Fri, Dec 20, 2013 at 12:47 AM, thufir <hawat.thufir at gmail.com> wrote:
>
>> On Thu, 19 Dec 2013 22:22:33 -0600, Tommy Trussell wrote:
>>
>> >> I appreciate the security angle, but I wonder how much of that is
>> >> specific to Windows.
>> >>
>> >>
>> > The Java vulnerabilities I have heard of are specific to *Java*, which
>> > runs on Windows, Mac OS and many cell phones and embedded devices. Java
>> > has access to your network, your hard drive, your camera, your
>> > microphone... just about everything on your system. That's why folks get
>> > antsy about vulnerabilities in it.
>>
>>
>> I get your point, and it's not to troll this topic, I'm actually curious.
>> I found:
>>
>> http://permalink.gmane.org/gmane.linux.ubuntu.security.announce/1560
>>
>> in the ubuntu security mailing list.  Granted, I only downloaded the
>> latest 999 headers for the security mailing list, but that dates back to
>> 2011 and was the only one with "Java" in the subject relating to a JVM.
>> Granted, there were some Apache libraries with vulnerabilities, but that's
>> specific to a library, not the VM itself.  Presumably, it's sandboxed...?
>>
>
> I am not sure what distinction you may be drawing between various
> components but here's one of many articles I have seen:
>
>
>
> http://www.securelist.com/en/analysis/204792310/Kaspersky_Lab_Report_Java_under_attack_the_evolution_of_exploits_in_2012_2013
>
>
>

On closer inspection that article is somewhat of an advertisement. However
I think you can glean from it that the major threat is not Java alone, but
Java embedded in web sites that exploit vulnerabilities -- the places you
can jump OUT of the sandbox, essentially.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20131220/a94b6ab8/attachment.html>