Following recent reports of a new Java vulnerability being exploited to execute malicious software on vulnerable systems, Mozilla has taken steps to protect its user base from the as-yet-unpatched flaw. Mozilla has added Java 7 Update 10, Java 7 Update 9, Java 6 Update 38 and Java 6 Update 37 to its Firefox add-on block-list.
Mozilla notes on its blog, “There is no patch currently available for this issue from Oracle.”
“To protect Firefox users we have enabled Click To Play for recent versions of Java on all platforms (Java 7u9, 7u10, 6u37, 6u38).”
Users who have installed Firefox version 17 or higher will have the ‘Click To Play’ feature enabled: they will be prompted when a plugin is vulnerable, and it will only execute if they explicitly give their consent. The ‘Click To Play’ feature helps protect users from drive-by downloads, which are normally carried out through exploitation of vulnerable add-ons and/or plugins.
More information about blocked plug-ins can be found here.