Is the latest version of Java still a security risk?
According to the link in the plugin manager defining it as insecure it points to a bug report posted almost 4 years old and the status says it has been resolved. So if it is that old and marked as resolved why does it still class the plugin as insecure? I understand this plugin has been the bane of browser security but honestly if you cannot properly class it how are we supposed to trust the Mozilla team to post accurate and up to date information?
Chosen solution
The Java Platform Plugin is ok as long as it is the newest, but the Java Deployment Toolkit Plugin continues to be vulnerable. Few end users ever need the Deployment Toolkit, it is mostly used by Java developers and some institutional users.
In the years before Oracle bought out Sun Microsystems (2010) the Deployment Toolkit didn't come with the end user Java software package, it was part of a separate Java Developers Kit.
Read this answer in context 👍 2All Replies (1)
Chosen Solution
The Java Platform Plugin is ok as long as it is the newest, but the Java Deployment Toolkit Plugin continues to be vulnerable. Few end users ever need the Deployment Toolkit, it is mostly used by Java developers and some institutional users.
In the years before Oracle bought out Sun Microsystems (2010) the Deployment Toolkit didn't come with the end user Java software package, it was part of a separate Java Developers Kit.