Java 7 update 11 has been released (Patches 2 Zero-Day bugs)
Allegedly, anyway... https://blogs.oracle.com/security/
Oracle Security Alert for CVE-2013-0422
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
Download:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.com/en/
ManiacJoe
(10,136 posts)
It barely qualifies as a band-aid.
Earth Bound Misfit
(3,554 posts)
but the changing of the default security level is not the "featured" fix; it is in addition to the patching of the two bugs that comprised the zero-day vulnerability:
This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
Emphasis mine. The 2 bugs had a CVSS score of 10.0, the highest rating on its scale.
CountAllVotes
(20,868 posts)
My main computer is gone now. I have a few old ones I can still get online with however and I am not inclined to purchase anything else at this point.
I'm bored and tired with the whole damn thing.
CountAllVotes
(20,868 posts)
I have to disable Java 7 U 11 on my computers. It says the same thing still.
>>>Java Plugin 7 update 11 and lower (click-to-play), Windows has been blocked for your protection.
and ...
>> Java Plugin 7 update 11 and lower (click-to-play), Windows has been blocked for your protection.
Why was it blocked?
The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary.
Who is affected?
All users who have these versions of the plugin installed in Firefox 17 and above.
What does this mean?
The problematic add-on or plugin will be automatically disabled and no longer usable.
It says in Firefox 17 this is a problem. Should I revert back to Firefox 16? Would this help/solve this problem?
This really sucks and sucks badly!
Phillip McCleod
(1,837 posts)
go to 'tools > add-ons' and look through plug-ins and extensions and disable anything with the word 'java' in it.
you can get extreme if you want and uninstall java too. for that go to start > control panels > programs > remove or change a program and uninstall anything java related.
i haven't encountered any machines choking on java 7u11 that bad yet though. sucks to be the test case.
CountAllVotes
(20,868 posts)
Back on the old A20m ThinkPad again here.
Unbelievable!
I have it disabled on everything, as that is the default at this point, I have finally figured out.
They (Oracle) know that it is still a huge problem, hence the reason it comes up saying to disable it.
I really believe the goal is to get us to buy new computers, that is my suspicion!
Well, that is not going to happen around here.
Thank you!!!
femmocrat
(28,394 posts)
I need Java for a small chatroom that I frequent. Is this ever going to be fixed so that we can trust it? I emailed the support line at the chatroom, but haven't heard back from them yet.
We disabled Java on both Firefox (after receiving a red warning box) and IE (which I never use), where it was still lurking. I don't know what to do here because I want to continue the chatroom. I would really miss my friends there.
Thank you very much in advance.
Earth Bound Misfit
(3,554 posts)
I would enable it in Firefox as they have implemented "click to play" on a site-by-site / instance-by-instance basis.
Also see new "Mega" Patch available Java 7 update 13: http://www.democraticunderground.com/10955086
Hope this helps.
femmocrat
(28,394 posts)
I will give it a try.