running after java updates

[giul51]

I am using SeaMonkey since many years. Recently I am realizing that the blockings concerning unsecure/too-old java version are becoming very frequent, so much that they are getting really annoying. SM starts to complain on Java plugin just a few weeks old, and on the other side it becomes impossible to browse pages (even from reliable sites) that contains java applets just a bit "old-fashion".
Is that a general occurrence or there is something wrong with my settings ? Are the Java releases getting so bad that they need "security -important " fixes every now and then, or is SM too much rigid on that ?

[trolly]

Every time a new Java version is released the old one is blocked for security reasons. Usually a new version is released when one or more security holes are fixed.

[rsx11m]

It's a general issue on Oracle's side, which is maintaining the Java code. They are releasing new versions with bug fixes on a rather frequent basis, which on one hand is good as vulnerabilities are fixed, on the other hand bad given that the user has to update frequently as well. The current version is Java 8, Update 77, which was released March 23.

[James]

https://addons.mozilla.org/seamonkey/blocked/

Reasons for blocking Plugins and even Extensions are are mentioned at https://wiki.mozilla.org/Blocklisting

Oracle plans to drop their vulnerable Java Plugin.
https://blogs.oracle.com/java-platform- ... lugin_free

[giul51]

Thanks for the replies.
Waiting for the plugins to be dropped, I would like to know if I can somehow bypass the block and accept the risk to run an "old" plugin, and (with an updated or un-updated plugin) to be able to run "old" applets on trustful sites. If I well remember, it was in the past allowed in the Plugin Manager that the user might choice to do so. Nowadays the plugin is totally blocked: by SM, by Java or by both ? Any chance that this nuisance might be alleviated?

[trolly]

Maybe this helps:
https://support.mozilla.org/de/questions/949746

[giul51]

Thanks, that is actually what I was looking for, either for Java and for FlashPlayer infact.
May I suggest to developers to make it easier and incorporate the choice into the Add-on Manager?
possibly, allowing to toggle the choice per each plug-in. That would allow to access momentarily certain
trustable sites with old apps, and re-establish then the protection for general surfing.

[rsx11m]

This particular code is actually managed mostly by Firefox, which is why the Add-ons Manager looks the same in SeaMonkey, Thunderbird, and Firefox (SeaMonkey switched to it with 2.0). Thus, modifying the pages by adding some checkbox for each entry "run even if it's outdated or known to be vulnerable" would have to be suggested to the Toolkit developers. Given that the blocklisting mechanism is currently expanded to download the blocklist for the "cloud" rather than just getting those with the regular updates of the application, thus making the blocklisting of "bad" add-ons even quicker, I'd think that they would be rather reluctant to add that option visibly to the manager.

On the other hand, SeaMonkey itself could provide a checkbox for the extensions.blocklist.enabled in, let's say, Edit > Preferences > Advanced > Scripts & Plugins, something like "Warn me if an add-on or plugin is on the blocklist" - but again, may not get approval given that it's a potentially dangerous option that shouldn't be exposed in the user interface like that, thus easily being triggered by an unsuspecting user who may just want to "fix something" with a plugin.