Browser Plugin Vulnerability Alerts

Normally, I don’t re-post from my Firefox Blog, but these browsers plugin vulnerabilities affect other browsers (such as Chrome & Safari) besides Firefox.

  • Dangerous vulnerability in latest Java version
    • Version: Java 7 Update 10
    • Issue: Can be used for Cyber attacks (even on fully patched Windows machines)
    • Recommend Action: Browser plugin should be disabled or sandboxed (see Work Around below))
    • Work Around: For those who MUST have Java, use Firefox 17 is or newer. The Java plugin will be installed but ‘sandboxed’. The plugin will not execute/run until the user gives permission ‘click to play‘ on a per site basis. The user will be prompted that the site needs Java run and if the user knows this site is “trusted”, they can choose to enable the plugin on this site only and for that session only. Users who get the prompt on a site they would not normally use Java should NOT allow the plugin to run.
    • Notes: If you have to ask if you need Java, the answer is ‘no’. Also, don’t confuse Java with JavaScript, they are two completely different things. JavaScript is a scripting language on web page which tells the browser how to display a web page. Java is an environment used to run web apps (FTP clients, Chat clients, Virtual environment clients) from within your browser. Java is running/being processed on a server which your browser needs a plugin to “interact” with the server.
  • Foxit Reader can execute malicious code
    • Version:  5.4.4.1128. Plugin version 2.2.1.530
    • Issue: Security hole can be exploited to inject malicious code
    • Recommend Action: Disable browser plugin
    • Work Around: Have the browser download on open the PDF in the main Foxit application   (which is safe…see notes) instead of within the browser.
    • Notes: This does not affect the Foxit (PDF) Reader application itself, only the browser plugins.

How to disable plugins:

  • Firefox: in the address bar type about:addons and press enter. The add-ons manager will open. On the left side select Plugins. Locate the plugins you want to disable and click the Disable button. Note: a browser restart may be needed
  • Chrome: in the address bar type chrome://plugins/ and press enter. The Plug-ins manager will now be opened. Locate the plugins you want to disable and click the ‘disable’ link in the the lower left corner.
  • Safari: see directions here.