Tuesday, April 20, 2010

Java Development Toolkit issues with Firefox

image

image

The "Java Deployment Toolkit" that is highlighted in the list of plugins is part of Java and is an insecure version. It's been blocklisted. See: https://www.mozilla.com/blocklist/

Java Deployment Toolkit, versions 6.0.200.0 and older. Reason: security vulnerabilities (see bug 558584).


According to Secunia Advisory SA39260 you should update to Java 6 Update 20 to resolve the issue. Note that, according to US-Cert Vulnerability Note VU#886582 updating to Java 6 Update 20 may still leave you vulnerable to the exploit in some cases. After updating Java you should search for and remove any remaining copies of "npdeploytk.dll" (or rename to "Xnpdeploytk.dll", which is what I did). See this forum topic for more information:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=111317
Your list of plugins shows an outdated Java 5 Update 22 plugin. You should make sure to uninstall older Java versions and remove any outdated Java files in your Program Files\Mozilla Firefox\plugins folder. See http://kb.mozillazine.org/Java#On_Windows if you need help updating or uninstalling Java. For help with other plugins, read http://kb.mozillazine.org/Issues_related_to_plugins and go through the related articles here http://kb.mozillazine.org/Category:Plugins

In other words, after updating to Java 6 Update 20, the C:\Program Files\Mozilla Firefox\plugins folder should have included an updated and enabled Java Deployment Toolkit plugin named npdeployJava1.dll and the old npdeploytk.dll file should have been gone from that location (it was for me). If an old npdeploytk.dll plugin remained there (or in the "C:\Program Files\Java\jre6\bin\new_plugin\" folder) then it would still show up in the Tools -> Add-ons -> Plugins list as "Java Deployment Toolkit" with the old version number but it should be disabled by the blocklist. If the OLD version is still enabled it should be manually disabled. If you want to get the OLD version of the Java Deployment Toolkit out of the Plugins list you can delete all copies of the file npdeploytk.dll from your system (or rename to Xnpdeploytk.dll ).

No comments:

Post a Comment

Thank you for your feedback