Java - new zero day vulnerability - new release Java 7u11

Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: 15-06-2007

http://www.theregister.co.uk/2013/01/10/java_0day/
Quote
A new Java zero-day security vulnerability is already being actively exploited to compromise PCs. The best way to defend against the attacks is to disable any Java browser plugins on your systems.
The offending bug is present in fully patched and up-to-date installations of the Java platform, now overseen by database giant Oracle, according to Jaime Blasco, head of labs at security tools firm AlienVault.
Now the really interesting part for me is I use Firefox with the fully up to date version - and Firefox has disabled it by itself
csogilvie
Grafter
Posts: 5,852
Registered: 04-04-2007

Re: Java - new zero day vulnerability

There's a method built in to Firefox where Mozilla can add addons and plugins to a blacklist, so Firefox will automatically disable them... so that's not really a huge surprise
Do (m)any websites actually still use Java applets these days?
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: 10-04-2007

Re: Java - new zero day vulnerability

Quote from: Oldjim
I use Firefox with the fully up to date version

Huh
I'm running Java(TM) Platform SE7 U9 10.9.2.5
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Oldjim

Re: Java - new zero day vulnerability

Now that is interesting - I just ran the update check and it doesn't check plugins which are disabled
So once disabled it stays disabled for ever unless a new version is installed by a third party and then both versions seem to be there
jelv

Re: Java - new zero day vulnerability

I think you need to go through the total removal of Java procedure and start again.
Oldjim

Re: Java - new zero day vulnerability

I just enabled it and ran the check and it says it is up to date - now disabled again
I also did a reinstall 2 days ago and running it again it shows as being up to date
jelv

Re: Java - new zero day vulnerability

Quote from: jelv
I think you need to go through the total removal of Java procedure and start again.

Did you do a full Java uninstall first? http://www.java.com/en/download/uninstall.jsp
Oldjim

Re: Java - new zero day vulnerability

No I didn't as I thought that wasn't necessary any more - now going to do it - but won't reinstall unless I really need it
Also removing JavaFX as I have no idea where that came from
Oldjim

Re: Java - new zero day vulnerability

Also I have been through my PC (Win7) and SWBO (XP) and updated or removed a few addons.
The most difficult needed a dll delete having found the source using about:plugins but the worst was a blocked uplay plugin which was really well hidden (it was in the ubisoft directory and wasn't listed in the about:addons list)
Razer
Grafter
Posts: 1,398
Thanks: 8
Registered: 17-11-2012

Re: Java - new zero day vulnerability

Thank you for the notice of this, Jim. Timely, as I was just about to create new backups before updating my Mozilla applications.
w23
Pro
Posts: 6,347
Thanks: 96
Fixes: 4
Registered: 08-01-2008

Re: Java - new zero day vulnerability

https://blog.avast.com/2012/08/30/how-do-i-disable-java-in-my-browser/ could be a useful guide for some (like me).
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: 06-11-2007

Re: Java - new zero day vulnerability

Very interesting, Jim.....
I use the following website quite a lot......
http://www.ship-tracking.co.uk/Main%20Menu/
click on SOLENT in the first box ( AIS MAPS )..... and the solent and I.o.W map appears, then the ships positions appear, then the map disappears.....
I reported it to the web owner, who advised me to disable the Java cache.... and it cured the problem..... that was this morning.....
been off out all day, and just tried it again.... and the map disappears... so it looks like Firefox has done the deed again, and disabled Java.....
Reported to the website owner, just now, with a linky to this thread....
shutter

Re: Java - new zero day vulnerability

Anyone else having problems with this site?
http://www.ship-tracking.co.uk/AIS%20Maps/solent.html
The background map disappears for me..... Website owner also uses FF, he said it reported Java shut down... but he still sees the map as a background to the ship positions as normal....
Oldjim

Re: Java - new zero day vulnerability

This is what I get with Firefox - I don't have Java installed
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: 10-06-2010

Re: Java - new zero day vulnerability

I could only see one tiny Java applet on that ship-tracking.co.uk page, I did not succeed in getting the Java applet to work, but because it's called SerifMarquee.class I'm guessing it's supposed to display some scrolling text beside "Please click this" in the top left corner. Not a vital part of the page.
The map works fine regardless of Java. I think the only problem was it once scrolled itself to the bottom of the page, where there is a big empty space, but I could not repeat that.