

The history of security vulnerabilities in Java and poor response times means that Java is likely to be permanently unsafe. In order to protect most users, while still allowing users to override per-site, we intend to:

* mark the most recent version of the Java plugin as unsafe without an available update.
* mark older versions of the Java plugin as unsafe with an update available.

The effect of this change is that the user can still enable Java permanently for particular sites, but will not be able to enable Java for all sites. This change should be applied to Firefox 24 and later only, because we have improved the click-to-play UI so that it is more discoverable and usable.

Jorge, I believe in practice this means the following:

* The Java version 6 blocks need to be extended to cover all versions of Java 6, including future versions. Oracle is no longer providing end-user updates to Java 6.
* New blocks need to be staged for Java version 7 update 25 on mac/windows/linux.

Alex or Bhavana, do you have an opinion of whether we can deploy these to the Beta audience immediately and let them ship with Firefox 24, or whether we should wait to deploy them a couple weeks after Firefox 24 to separate the feedback and potential issues?

Tracy, are you the right person to coordinate testing the staged blocks?

(In reply to Benjamin Smedberg from comment #0)
> Jorge, I believe in practice this means the following:
> * The Java version 6 blocks need to be extended to cover all versions of

So, if there are no future Java 6 updates planned and we already cover all existing versions, does it make sense to take any action? Would Oracle release an update in a sufficiently urgent case?

> * New blocks need to be staged for Java version 7 update 25 on

The easy way to block all of Java is to make one block without version restrictions that applies to Firefox 24 and above. However, that block would either need to have "update available" or "update unavailable" set.

> * mark the most recent version of the Java plugin as unsafe without an available update.
> * mark older versions of the Java plugin as unsafe with an update available.
