MozillaZine

running after java updates

Discussion of general topics about Seamonkey
giul51
 
Posts: 12
Joined: March 3rd, 2016, 5:20 pm

Post Posted April 2nd, 2016, 2:18 pm

I am using SeaMonkey since many years. Recently I am realizing that the blockings concerning unsecure/too-old java version are becoming very frequent, so much that they are getting really annoying. SM starts to complain on Java plugin just a few weeks old, and on the other side it becomes impossible to browse pages (even from reliable sites) that contains java applets just a bit "old-fashion".
Is that a general occurrence or there is something wrong with my settings ? Are the Java releases getting so bad that they need "security -important " fixes every now and then, or is SM too much rigid on that ?

trolly
Moderator

User avatar
 
Posts: 39882
Joined: August 22nd, 2005, 7:25 am

Post Posted April 2nd, 2016, 2:27 pm

Every time a new Java version is released the old one is blocked for security reasons. Usually a new version is released when one or more security holes are fixed.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.

rsx11m
Moderator
 
Posts: 14423
Joined: May 3rd, 2007, 7:40 am
Location: US

Post Posted April 2nd, 2016, 2:32 pm

It's a general issue on Oracle's side, which is maintaining the Java code. They are releasing new versions with bug fixes on a rather frequent basis, which on one hand is good as vulnerabilities are fixed, on the other hand bad given that the user has to update frequently as well. The current version is Java 8, Update 77, which was released March 23.

James
Moderator

User avatar
 
Posts: 27210
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted April 2nd, 2016, 5:17 pm

https://addons.mozilla.org/seamonkey/blocked/

Reasons for blocking Plugins and even Extensions are are mentioned at https://wiki.mozilla.org/Blocklisting

Oracle plans to drop their vulnerable Java Plugin.
https://blogs.oracle.com/java-platform-group/entry/moving_to_a_plugin_free

giul51
 
Posts: 12
Joined: March 3rd, 2016, 5:20 pm

Post Posted April 3rd, 2016, 6:38 am

Thanks for the replies.
Waiting for the plugins to be dropped, I would like to know if I can somehow bypass the block and accept the risk to run an "old" plugin, and (with an updated or un-updated plugin) to be able to run "old" applets on trustful sites. If I well remember, it was in the past allowed in the Plugin Manager that the user might choice to do so. Nowadays the plugin is totally blocked: by SM, by Java or by both ? Any chance that this nuisance might be alleviated?

trolly
Moderator

User avatar
 
Posts: 39882
Joined: August 22nd, 2005, 7:25 am

Post Posted April 3rd, 2016, 6:41 am

Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.

giul51
 
Posts: 12
Joined: March 3rd, 2016, 5:20 pm

Post Posted April 5th, 2016, 7:13 am

Thanks, that is actually what I was looking for, either for Java and for FlashPlayer infact.
May I suggest to developers to make it easier and incorporate the choice into the Add-on Manager?
possibly, allowing to toggle the choice per each plug-in. That would allow to access momentarily certain
trustable sites with old apps, and re-establish then the protection for general surfing.

rsx11m
Moderator
 
Posts: 14423
Joined: May 3rd, 2007, 7:40 am
Location: US

Post Posted April 7th, 2016, 3:33 pm

This particular code is actually managed mostly by Firefox, which is why the Add-ons Manager looks the same in SeaMonkey, Thunderbird, and Firefox (SeaMonkey switched to it with 2.0). Thus, modifying the pages by adding some checkbox for each entry "run even if it's outdated or known to be vulnerable" would have to be suggested to the Toolkit developers. Given that the blocklisting mechanism is currently expanded to download the blocklist for the "cloud" rather than just getting those with the regular updates of the application, thus making the blocklisting of "bad" add-ons even quicker, I'd think that they would be rather reluctant to add that option visibly to the manager.

On the other hand, SeaMonkey itself could provide a checkbox for the extensions.blocklist.enabled in, let's say, Edit > Preferences > Advanced > Scripts & Plugins, something like "Warn me if an add-on or plugin is on the blocklist" - but again, may not get approval given that it's a potentially dangerous option that shouldn't be exposed in the user interface like that, thus easily being triggered by an unsuspecting user who may just want to "fix something" with a plugin.

Return to SeaMonkey General


Who is online

Users browsing this forum: No registered users and 1 guest