為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Firefox 28.0 is indicating that my installed Java SE 7 U51 is vulnerable (2014 03 20)

  • 9 回覆
  • 61 有這個問題
  • 1 次檢視
  • 最近回覆由 tyme58dj

more options

When I use: "Tools -> Add-ons -> Plugins" and then select "Check to see if plugins are up to date", Firefox 28.0 (currently indicated as the latest, up-to-date version) signifies that the detected version of Java (currently Java(TM) Platform SE 7 U51) is "Vulnerable" and suggests an update.

The Java website indicates that Java(TM) Platform SE 7 U51 is the most current version. Downloading and re-installing Java and doing a system restart does not change Firefox's behavior, it continues to flag the Java version as needing an update.

Is there a newly discovered vulnerability in Java(TM) Platform SE 7 U51, or is Firefox just having a good time watching me try to wrangle a phantom problem??

When I use: "Tools -> Add-ons -> Plugins" and then select "Check to see if plugins are up to date", Firefox 28.0 (currently indicated as the latest, up-to-date version) signifies that the detected version of Java (currently Java(TM) Platform SE 7 U51) is "Vulnerable" and suggests an update. The Java website indicates that Java(TM) Platform SE 7 U51 is the most current version. Downloading and re-installing Java and doing a system restart does not change Firefox's behavior, it continues to flag the Java version as needing an update. Is there a newly discovered vulnerability in Java(TM) Platform SE 7 U51, or is Firefox just having a good time watching me try to wrangle a phantom problem??

被選擇的解決方法

Java 8 was just released; could that be the problem?

http://www.oracle.com/technetwork/java/javase/overview/index.html

The design of the plugin check site (last time I checked) doesn't accommodate multiple "current" versions. So if the site has been updated to recognize Java 8 as current, this could lead to a lot of confusion.

Assuming the Plugins section of the Add-ons page has not disabled Platform SE 7 U51 (based on the block file that Firefox regularly downloads), then I think it's probably still good.

(I actually have U45 on this computer, whoops, so I can't test the response to U51 right now.)

從原來的回覆中察看解決方案 👍 9

所有回覆 (9)

more options

選擇的解決方法

Java 8 was just released; could that be the problem?

http://www.oracle.com/technetwork/java/javase/overview/index.html

The design of the plugin check site (last time I checked) doesn't accommodate multiple "current" versions. So if the site has been updated to recognize Java 8 as current, this could lead to a lot of confusion.

Assuming the Plugins section of the Add-ons page has not disabled Platform SE 7 U51 (based on the block file that Firefox regularly downloads), then I think it's probably still good.

(I actually have U45 on this computer, whoops, so I can't test the response to U51 right now.)

more options

BINGO !

The routine update path for Java continues to show SE 7 U51 as the current release.

I followed the link to the Oracle release information and found the download for version 8 and installed it.

The vulnerability checker is now happy.

My risk-aversity can now relax.

Thanks for the clue to the solution.

more options

I have the same confusion. FF says to update from V51, but, when you go to update it still has V51 as the most current version. I even tried Java.com and it still shows V51 as the most current version. I'm confused. What's the story here?

more options

I think there are two things going on here:

(1) The plugin check site now recognizes Java 8 as "current" and therefore recognizes Java 7 as "old." But Java 7 U51 is not blocked and you can still use it.

(2) Oracle is reluctant to push everyone to Java 8 now; probably they fear it is not fully debugged. So they still recommend Java 7 on java.com.

Yes, that leaves a confusing picture; it's a limitation of the plugin check site that it can't keep track of multiple current, fully patched versions of plugins. It always recommends the latest. (Windows Vista users would be familiar with this problem from the Adobe Acrobat plugin, because Adobe doesn't support Acrobat/Reader XI on Vista.)

more options

When I originally started this thread, I was lead through the registration process, and appeared to be dumped part way through, so with my new registration, I tried again, resulting in two threads, 990988 and 990986 linkified ~J99 and two response threads containing reference to the new Java 8 release, but differing in detail.

In the other thread, there was a response which included a link to the Java Developer site, which posts the developer release of Java 8. Versions are released for developer eval prior to releasing to the rest of us unwashed masses, so that they can get technically-accurate comments on the release and any anomalies that might be found.

My perception is that they have yet to publicize and mass-distribute this release until they have tested the waters with their established developer base.

I suspect that the Firefox vulnerability checker got updated prematurely.

I did jump the gun using the link posted in the other thread, with the result being that the vulnerability checker stopped waving a red (orange) flag in my face.

I probably would have been wise to wait for the mass-consumable version.

The other thread on this subject has the link to the developer website that I used to fish for the developer release.

由 John99 於 修改

more options

27MAR14 Sun / Oracle Java version 8 is not compatible with 32-bit XP. The installer fails because there in no RegDeleteKeyExA in 32-bit XP. Sun screwed up another one ... I will stick with JRE 7_U51 until ... Complete explanation link follows: <> http://koitsu.wordpress.com/2014/03/18/oracle-java-8-jre-8-and-windows-xp-32-bit-failure/

more options

so it is best to just ignore the vulnerbility?

more options

Hi tyme58dj, this is a problem with the Plugin Checker site, that old versions are assumed to be vulnerable. There is no actual indication that Java(TM) SE 7 U51 is vulnerable. So for the moment, yes, it is best to just ignore that information and rely on the Java updater to make sure Java is up-to-date. (Unless you've turned it off, the updater runs automatically when you start Windows.)

more options

thanks for the help jscher2000.....i never turn java off and check it frequently as i do other checks and updates. I guess in time Mozilla and Oracle will work it out