This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Is the latest version of Java still a security risk?

more options

According to the link in the plugin manager defining it as insecure it points to a bug report posted almost 4 years old and the status says it has been resolved. So if it is that old and marked as resolved why does it still class the plugin as insecure? I understand this plugin has been the bane of browser security but honestly if you cannot properly class it how are we supposed to trust the Mozilla team to post accurate and up to date information?

According to the link in the plugin manager defining it as insecure it points to a bug report posted almost 4 years old and the status says it has been resolved. So if it is that old and marked as resolved why does it still class the plugin as insecure? I understand this plugin has been the bane of browser security but honestly if you cannot properly class it how are we supposed to trust the Mozilla team to post accurate and up to date information?

Chosen solution

The Java Platform Plugin is ok as long as it is the newest, but the Java Deployment Toolkit Plugin continues to be vulnerable. Few end users ever need the Deployment Toolkit, it is mostly used by Java developers and some institutional users.

In the years before Oracle bought out Sun Microsystems (2010) the Deployment Toolkit didn't come with the end user Java software package, it was part of a separate Java Developers Kit.

Read this answer in context 👍 2

All Replies (1)

more options

Chosen Solution

The Java Platform Plugin is ok as long as it is the newest, but the Java Deployment Toolkit Plugin continues to be vulnerable. Few end users ever need the Deployment Toolkit, it is mostly used by Java developers and some institutional users.

In the years before Oracle bought out Sun Microsystems (2010) the Deployment Toolkit didn't come with the end user Java software package, it was part of a separate Java Developers Kit.