Mozilla touts 'Click to Play' in defense against Java vulnerability

Summary: Mozilla has chimed in with its own tips and resources amidst the brewing Java vulnerability scare.


As worries about the Java 7 Update 10 vulnerabilities continue to escalate, Mozilla has addressed how the issue affects Firefox.

Michael Coates, director of Security Assurance at Mozilla, wrote in a blog post on Friday afternoon that Firefox users could be vulnerable if they have the current version of the Java plugin installed on their browsers.


In case you're not aware, another zero-day vulnerability related to Java was found to be under active exploitation in the wild, according to a number of security researchers and reports on Friday.

This particular Java 7 weakness is said to be so detrimental that the U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers altogether.

At this point in time, Oracle (the owner of Java) hasn't released a security update or patch to remedy the issues.

Coates explained in fairly clear terms what could happen here:

An attacker could exploit this vulnerability to execute malicious software on a victim’s machine. This vulnerability is being actively used in attacks and the malicious exploit code is also available in common exploit kits.

For Firefox users, Coates touted the "Click to Play" security feature, which is basically used to halt loading plugins before they're clicked -- or block them altogether.

In reference to Java, this means the plugin won't load until the user clicks on the permission pop-up to do so. Thus, until a patch is rolled out, don't give permission.

Coates added that Firefox users with older versions of Java should already be protected by existing plugin blocking or Click to Play defenses.

Screenshot via Mozilla Security Blog



Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider,, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for, Irish Americ...
