Plugin Status Check reports latest Java x64 as vulnerable
Last night I updated all plugins to show the green "Up to date" buttons in the Plugin Status Check website. However, this morning, it reports that the Java plugin is vulnerable (note: not 'out of date'). Is there a new revealed vulnerability in Java publicized in the last few hours?
There is no new version of Java as of now, as the latest is Java 8 Update 45, released on April 14, 2015. Although it may be of importance to note that I first installed 32-bit version of Java to get the green "Up to date" status, but later also installed the 64-bit version of Java (as I need it instead for my 64-bit Eclipse). Could this have caused the vulnerability flag to trigger? Is there a vulnerability in 64-bit Java that is not present in the 32-bit installation?
I saw a few similar questions on Flash plugin, but I already disabled Flash completely. This is concerning Java.
I am running 32-bit Firefox for Windows. I am on Windows 7.
Izmjenjeno
Izabrano rješenje
A 32 bit Firefox version will only look at 32 bit Java version.
Note that Java is affected as well.
- [/forums/contributors/711412] Hacking Team and Flash and Java 0-days!
- http://arstechnica.com/security/2015/07/two-new-flash-exploits-surface-from-hacking-team-combine-with-java-0-day/
- http://www.zdnet.com/article/two-further-critical-flash-zero-days-appear-from-hacking-team-breach/
Svi odgovori (2)
Odabrano rješenje
A 32 bit Firefox version will only look at 32 bit Java version.
Note that Java is affected as well.
- [/forums/contributors/711412] Hacking Team and Flash and Java 0-days!
Understood about 32-bit. It is as expected, so I suppose my 64-bit Java installation should not have done anything.
I gather that those articles are posted two days ago, so it should be as recent as it can get. And Oracle is still working on a fix, and that's why there's no new version of Java to update from the vulnerable latest version.
I think I will take the advice and disable Java completely. :)
I think the Plugin Check site has to be enhanced to notify its users that vulnerable plugins may not necessary be out of date. They could be up to date but open to a recently discovered vulnerability. And that it's recommended to keep them disabled until the vulnerability is fixed in a future release.
Izmjenjeno