Recently security vulnerabilities were discovered in the Java Plug-In1. As a protection for the end user, Java in most browsers was disabled promptly. What do the ‘Java disabled’ warnings look like?
Does the blocking of applets also affect Java Web Start apps. (they are launched from a link in a web page) aimed at desktop use?
- Security vulnerability in the Oracle Java Plug-In. For more details see:
- The JRE 1.7 Vulnerability Q&A at SO.
- Oracle Security Alert for CVE-2013-0422
- The Java™ SE Development Kit 7, Update 11 (JDK 7u11) release notes – the version in which the vulnerability was fixed.
What do the ‘Java disabled’ warnings look like?
This is how Oracle’s test Java page appears now. It is an embedded applet.
FireFox
Chrome
Message in yellow bar at top of browser:
Shown in place of applet, and on right click produces menu..
Note re version 1.7.0_11
Java version 1.7.0_11 that fixes the bug, mentioned in the last link in the question, does not enable the browsers again. Those warnings above were seen despite that this info. can be seen after enabling the plug-in for either browser..
It might indicate that the Oracle fix for the bug is to permanently load applets in this ‘prompted for every one’ way. That might not be a bad thing.
Does the blocking of applets also affect JWS apps?
No it does not. Just applets (and applets embedded using JWS).
Here is how you might see a JWS app. deployed using
deployJava.jswhich (checks for the JRE and) shows an icon like this (without prompt – if installed).If launching (for example) the JavaFX 1.2 demo. – Powerful UI Capabilities With Node-Based Controls I see the icon for launching the JWS app. At the same (security vulnerability) time I still see that warning on the applet mentioned above.
Note that the Java FX demo. does itself have security risks/prompts for ‘application components that might indicate a security concern’ from ‘mixing signed & unsigned code’.