Mozilla has announced to block older versions of Java Development Kit (JDK) and Java Runtime Environment (JRE) plug-ins for Firefox to save users from the possible vulnerabilities. Users have been advised to update their JDK and JRE installations in order to update these browser plugins. Oracle has already released updates fixing these critical vulnerabilities through its February 2012 advisory which can permit the loading of arbitrary code on end-user’s system.
To check status of enabled plug-ins in Firefox, users should visit this plug-in checker page (see the screenshot below). This page detects older versions of the plug-ins and provides links to update them. Currently, only Windows and Linux platforms have got update for JRE plug-in. As Java plugin on Mac is directly provided by Apple, Mac users need to wait.
JRE version below 1.6.0_31 or between 1.7.0 and 1.7.0_2 is affected with the reported vulnerabilities. Although, the Java plug-in will be disabled due to the above action taken by Mozilla, users can enable it manually if they accept the risks described.
Browser plug-ins, like Java and Flash plug-ins, have been a serious threat for long. With the metro version of Internet Explorer 10, Microsoft has taken a big step towards making browsers plug-in free. This applies to all metro apps on Windows 8 including metro versions of other browsers.