Firefox and Apple have blocked Java while U.S. Homeland Security recommends everyone disable it, because of vulnerabilities


Late last year Java was hit with multiple vulnerabilities one after another. Earlier this week another Java exploit was discovered, one that is being actively exploited on the internet by criminals. Due to Java’s seemingly endless security issues, and the fact that the latest exploit is being “massively exploited in the wild”, many (including dotTech) have suggested everyone to uninstall Java or atleast disable it in browser. Now three large groups are adding weight behind the anti-Java call — Mozilla, Apple, and United States Department of Homeland Security.

Mozilla recently introduced a click-to-play feature in Firefox 17 that disabled outdated or vulnerable plugins. The latest versions of Java (Java 7u10, Java 7u9, Java 6u37, and Java 6u38) are now considered by Mozilla to be vulnerable and thus added to the plugin blacklist. Anyone that has Java installed and runs Firefox 17 and higher will be hit with a “this plugin is vulnerable and should be updated” message. This means until Java 7u11 and Java 6u39 is released and the latest vulnerability has been patched, Java is disabled by default in Firefox — you have to manually enable it if you want to use it.

Similar to Mozilla, Apple has issued an update to Mac OS X’s built-in anti-malware system to block Java 7 from running on Macs. Java 7 will not be allowed to run on Macs until it is updated to patched version by Oracle.

Lastly, the United States Department of Homeland Security has issued a public statement encouraging everyone to disable Java until Oracle issues a fix. In Vulnerability Note VU#625617, the United States Computer Emergency Readiness Team mentions “this vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits”. They go on to say “we are currently unaware of a practical solution to this problem” and recommend everyone to “disable Java in web browsers”.

Ouch? Ouch.

If you are not sure how to uninstall or disable Java, read the following guides by dotTech:

[via TNW, MacRumors, US-CERT]

Related Posts

  • antoniovfg

    This is nonsense. When java has a vulnerability, like any other systems, programs etc… they publish quickly a pach, like microsoft does all the time, or mac or linux… The web sites that runs java doesn’t need that you have the java virtual machine installed. Its is only needed in the web servers that send you the web page, without java code (different from javascript).

  • Steven

    Seems that it was just a coincidence that FDM started causing issues with Chrome (W7 x64) at the same time as I disabled Java. Disabled FDM and problem resolved.

  • DoktorThomas

    ” … U.S. Homeland Security recommends everyone disable it …” The hackers are more trustworthy than these neophytes.

    Get Revo uninstaller (free); install it; run it; click on java icon to remove it from your computer. Excellent. Keep Revo to eliminate the programs you don’t want in the future.

    My tablet is yellow with blue lines. My cell receives calls and text; and only when I feel like turning it on. Isn’t “laptop” a dance? Apples are for eating….

    Have a humorous day!!! © 2013

  • Steven

    Disabled Java as per description for Chrome. First site I went to via link on the “Online digital library JSTOR now offering free (but limited) access to everyone” article which requires Java for the Captcha sound applet. Visited the PopSci site and the videos not visible, so I undid the disable Java steps.

    Chrome now crashed every couple of seconds with message “Whoa! Google Chrome has crashed. Relaunch now?”, despite system restore, chrome uninstall and re-install.

    Anyone else have a problem like this?


  • Mary

    Ahhh! Yes, I suppose I was! See? I am clueless when it comes to that java stuff, unless of course it comes from coffee beans! ><

  • @Mary:

    Mary, you’re confusing java with javascript. Almost no modern site needs java to run, if they do, you should avoid them anyway. Most sites require javascript which noscript blocks and is not worth the trouble, unless you know what you’re doing and using it only on blacklisted sites. Javascript does not suffer from this particular vulnerability.

  • So if you need Java maybe use the Preview releases as the bug might be fixed; you can find them at At least this way you should get your updates faster than the standard releases but then again you might run into more bugs.

    I myself have been eradicating Java from all but one or two machines where I need it to access control panels for certain devices in the office. Even those I only keep it enabled in one browser not my main browser either.

  • Ashraf

    @Francoise: Here is the problem with that method. Java has vulnerabilities. What is to say Java doesn’t have a vulnerability that allows a hacker to enable Java from within the console? That is why I prefer disabling console directly from within browsers themselves or uninstalling it.

  • Francoise

    The easiest way is to disable from within the Java console.

  • Mary

    So, what happens to all the sites who use Java to build with?

    I always seem to have an issue with NoScript (FF plugin) allowing me to allow java on some sites I really want to view. Now it’s going to be worse.

    I agree that Oracle needs to get on the ball here. Why did they obtain it (from Sun Microsystems I think?) if they aren’t going to maintain it?

    And why would people even use it to build their sites with it knowing it has these issues?

    I’m not a site builder, or tech savvy on this stuff, so I really have no clue! O.o

  • Mr.Dave

    Oracle has ignored this issue for too long, they should either give Java to someone who cares or take it seriously. I tried to disable Java on my wife’s pc last night, but she had an older version that didn’t have the option to turn it off in browsers. I installed the newest version so we could turn it on and off again for trusted web sites, and as it installed a splash screen said Java is now running on over 3 Billion devices. That’s a lot of security issues. With great power comes great responsibility.

  • chuck (detailer)

    If “it” needs Java to run on my PC,then I don’t need “it”.