We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Firefox 28.0 is indicating that my installed Java SE 7 U51 is vulnerable (2014 03 20)

  • 9 个回答
  • 61 人有此问题
  • 1 次查看
  • 最后回复者为 tyme58dj

more options

When I use: "Tools -> Add-ons -> Plugins" and then select "Check to see if plugins are up to date", Firefox 28.0 (currently indicated as the latest, up-to-date version) signifies that the detected version of Java (currently Java(TM) Platform SE 7 U51) is "Vulnerable" and suggests an update.

The Java website indicates that Java(TM) Platform SE 7 U51 is the most current version. Downloading and re-installing Java and doing a system restart does not change Firefox's behavior, it continues to flag the Java version as needing an update.

Is there a newly discovered vulnerability in Java(TM) Platform SE 7 U51, or is Firefox just having a good time watching me try to wrangle a phantom problem??

When I use: "Tools -> Add-ons -> Plugins" and then select "Check to see if plugins are up to date", Firefox 28.0 (currently indicated as the latest, up-to-date version) signifies that the detected version of Java (currently Java(TM) Platform SE 7 U51) is "Vulnerable" and suggests an update. The Java website indicates that Java(TM) Platform SE 7 U51 is the most current version. Downloading and re-installing Java and doing a system restart does not change Firefox's behavior, it continues to flag the Java version as needing an update. Is there a newly discovered vulnerability in Java(TM) Platform SE 7 U51, or is Firefox just having a good time watching me try to wrangle a phantom problem??

被采纳的解决方案

Java 8 was just released; could that be the problem?

http://www.oracle.com/technetwork/java/javase/overview/index.html

The design of the plugin check site (last time I checked) doesn't accommodate multiple "current" versions. So if the site has been updated to recognize Java 8 as current, this could lead to a lot of confusion.

Assuming the Plugins section of the Add-ons page has not disabled Platform SE 7 U51 (based on the block file that Firefox regularly downloads), then I think it's probably still good.

(I actually have U45 on this computer, whoops, so I can't test the response to U51 right now.)

定位到答案原位置 👍 9

所有回复 (9)

more options

选择的解决方案

Java 8 was just released; could that be the problem?

http://www.oracle.com/technetwork/java/javase/overview/index.html

The design of the plugin check site (last time I checked) doesn't accommodate multiple "current" versions. So if the site has been updated to recognize Java 8 as current, this could lead to a lot of confusion.

Assuming the Plugins section of the Add-ons page has not disabled Platform SE 7 U51 (based on the block file that Firefox regularly downloads), then I think it's probably still good.

(I actually have U45 on this computer, whoops, so I can't test the response to U51 right now.)

more options

BINGO !

The routine update path for Java continues to show SE 7 U51 as the current release.

I followed the link to the Oracle release information and found the download for version 8 and installed it.

The vulnerability checker is now happy.

My risk-aversity can now relax.

Thanks for the clue to the solution.

more options

I have the same confusion. FF says to update from V51, but, when you go to update it still has V51 as the most current version. I even tried Java.com and it still shows V51 as the most current version. I'm confused. What's the story here?

more options

I think there are two things going on here:

(1) The plugin check site now recognizes Java 8 as "current" and therefore recognizes Java 7 as "old." But Java 7 U51 is not blocked and you can still use it.

(2) Oracle is reluctant to push everyone to Java 8 now; probably they fear it is not fully debugged. So they still recommend Java 7 on java.com.

Yes, that leaves a confusing picture; it's a limitation of the plugin check site that it can't keep track of multiple current, fully patched versions of plugins. It always recommends the latest. (Windows Vista users would be familiar with this problem from the Adobe Acrobat plugin, because Adobe doesn't support Acrobat/Reader XI on Vista.)

more options

When I originally started this thread, I was lead through the registration process, and appeared to be dumped part way through, so with my new registration, I tried again, resulting in two threads, 990988 and 990986 linkified ~J99 and two response threads containing reference to the new Java 8 release, but differing in detail.

In the other thread, there was a response which included a link to the Java Developer site, which posts the developer release of Java 8. Versions are released for developer eval prior to releasing to the rest of us unwashed masses, so that they can get technically-accurate comments on the release and any anomalies that might be found.

My perception is that they have yet to publicize and mass-distribute this release until they have tested the waters with their established developer base.

I suspect that the Firefox vulnerability checker got updated prematurely.

I did jump the gun using the link posted in the other thread, with the result being that the vulnerability checker stopped waving a red (orange) flag in my face.

I probably would have been wise to wait for the mass-consumable version.

The other thread on this subject has the link to the developer website that I used to fish for the developer release.

由John99于修改

more options

27MAR14 Sun / Oracle Java version 8 is not compatible with 32-bit XP. The installer fails because there in no RegDeleteKeyExA in 32-bit XP. Sun screwed up another one ... I will stick with JRE 7_U51 until ... Complete explanation link follows: <> http://koitsu.wordpress.com/2014/03/18/oracle-java-8-jre-8-and-windows-xp-32-bit-failure/

more options

so it is best to just ignore the vulnerbility?

more options

Hi tyme58dj, this is a problem with the Plugin Checker site, that old versions are assumed to be vulnerable. There is no actual indication that Java(TM) SE 7 U51 is vulnerable. So for the moment, yes, it is best to just ignore that information and rely on the Java updater to make sure Java is up-to-date. (Unless you've turned it off, the updater runs automatically when you start Windows.)

more options

thanks for the help jscher2000.....i never turn java off and check it frequently as i do other checks and updates. I guess in time Mozilla and Oracle will work it out