On 01/13/2013 04:42 PM, Philip TAYLOR wrote: > Which analyst(s) say is still too risky to deploy : > > > http://www.reuters.com/article/2013/01/13/us-java-oracle-security-idUSBRE90C0JB20130113 > > Personally I have deployed the upgrade but still > left it disabled in my browsers. > > Philip Taylor > --------Paul B. Gallagher wrote: > >> Update: Oracle has released an update to close the door. >> >> <http://news.cnet.com/8301-1009_3-57563730-83/oracle-releases-software-update-to-fix-java-vulnerability/> >
And the US Department Of Homeland Security: <http://www.reuters.com/article/2013/01/14/us-java-oracle-security-idUSBRE90D10P20130114> Of course Reuters don't bother to provide a cite link, so I have: <http://www.kb.cert.org/vuls/id/625617> <quote> Solution Update to Java 7u11 Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe vulnerability (CVE-2012-3174). Immunity[1] has indicated that only the reflection vulnerability has been fixed. Java 7u11 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets. Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future. </quote> Added note: Windows users - if you have javafx installed, you must either uninstall it, or update it to the latest 2.2.4 version after you update the Java7U11 in order for Firefox or SeaMonkey to recognize java. Javafx update link is here: <https://www.java.com/en/javafx/> If you absolutely have to run java in FF or SM, I highly recommend installing Prefbar so that you can easily turn on/off java simply by checking the Java box. <https://addons.mozilla.org/en-us/seamonkey/addon/prefbar/> <http://prefbar.tuxfamily.org/help/buttons.html#java> [1] <http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html> _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey