On 3/3/13 12:23 PM, Rickles wrote: > MCBastos wrote: >> Interviewed by CNN on 02/03/2013 15:51, question told the world: >> >>> My wife has not used her computer this week.. So this explains why >>> Java works on hers this morning..on pogo >>> Block list has not been updated more in likely. >>> Both computers are identical... >>> But her JAVA is 7u10 >>> Mine is 7u15 >>> I told her not to update her Java . >>> >>> Reading the bugzilla. We are being Blocked Because FACEBOOK got hacked.. >>> >>> Could be FACEBOOK does not have Java Configured Correctly . So Ever >>> other WEBSITE that uses JAVA has to Suffer Because The Almighty >>> FACEBOOK's Security is not Enabled correctly . >>> >>> Let Facebook take care of itself . >> >> I think you misunderstood the issue. >> >> The problem is not that a few computers belonging to Facebook engineers >> got hacked; the problem is that this event demonstrates that: >> >> a) There is a bug in Java >> b) Which is ALREADY BEING EXPLOITED by hackers. >> >> If this exploit only affected Facebook, there would be no reason for >> worry. But the thing is, it DOES present a risk for EVERY user. Facebook >> can take care of itself, but most small users CANNOT. It's to protect >> those small users that the block has been implemented. So, for the >> moment, it's considered dangerous to have Java running automatically. >> >> Even if the latest exploit has been band-aided, the recent pattern of >> security problems with Java raises serious doubts about its overall >> security. Simply stated, Java is no longer worth the trust of Internet >> users -- until such a time as it can regain that trust, Mozilla opted to >> place it in the "click-to-run" category, which needs an explicit "OK" >> from the user every time it is invoked by a site. >> >> Staying with an older Java release won't help; if anything, it will be >> worse, since those older releases are bound to be even more emphatically >> blocked. >> > You raise a point I'd appreciate clarification on: explicit OK from the > user. The problem several of us have is that, when visiting a site > which uses Java, we are not ASKED if it's OK to run Java, the site > simply fails. Despite continually un- and re-installing Java to allow > for 'clean' installs, certificate updates, etc., we're not being > prompted to click a permissions dialog, we're simply A) told by the web > site that we don't have Java running, or B) nothing happens at all. > > The current state of the Java 7u15 plugin states this plugin is known to > have vulnerabilities, but nothing actually says it's blocked (at least > on my machine at the mo.) In fact, the 'disable' button is available if > I want to turn it off, which infers it's still running. But the Pogo > web site now looks for Java before allowing a Java-based game to run, > and it tells me I haven't got Java installed. > > And that's contradictory, based on the observed interface. >
When you go to a Web page that uses Java but the blocklist prevents Java from running, you should see an icon at the left end of the URI bar (address bar). The icon resembles a small Lego block. Click on that icon to get a pull-down menu to override the blocklist for that Web page. No, this is NOT intuitive and definitely NOT user-oriented. And no, I know of no way to undo the override. -- David E. Ross <http://www.rossde.com/> Are taxes too high in the U.S.? Check the bar graph at <http://www.rossde.com/taxes/trickling.html> to see. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
