LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (http://www.linuxquestions.org/questions/debian-26/)
-   -   Iceweasel warning about IcedTea Plugin (http://www.linuxquestions.org/questions/debian-26/iceweasel-warning-about-icedtea-plugin-937889/)

michalng 04-03-2012 09:04 AM

Iceweasel warning about IcedTea Plugin
 
As some of the banking sites that I use requires java, I had install icedtea-plugin on my Debian Squeeze laptop.

Detail of application as follows:

Iceweasel (backports) -> Version: 11.0-4~bpo60+1
openjdk-6-jre -> Version: 6b18-1.8.13-0+squeeze1
openjdk-6-jre-headless -> Version: 6b18-1.8.13-0+squeeze1
openjdk-6-jre-lib -> Version: 6b18-1.8.13-0+squeeze1
icedtea6-plugin -> Version: 6b18-1.8.13-0+squeeze1


After using Iceweasel to surf the net for some time, this message pops up by itself.


As I am using this laptop is for banking, security is of prime importance. Is there something that I can / should do ?

craigevil 04-03-2012 01:00 PM

I stopped using OpenJDK6 a while back and went ahead and install Oracle's Java. Haven't had any issues.

craigevil 04-03-2012 01:41 PM

Due to security issues with older versions of Java they are now blocked in Firefox. Please update your Java.

Older versions have been added to Firefox's blocklist

As per Blocking Java

michalng 04-03-2012 05:55 PM

Quote:

Originally Posted by craigevil (Post 4643821)
Due to security issues with older versions of Java they are now blocked in Firefox. Please update your Java.

Older versions have been added to Firefox's blocklist

As per Blocking Java

craigevil,

thanks for the info, seems like my perception that packages in stable are always secure may not be correct after all.

will update to Oracle's Java as advised.

widget 04-03-2012 06:47 PM

Quote:

Originally Posted by michalng (Post 4643994)
craigevil,

thanks for the info, seems like my perception that packages in stable are always secure may not be correct after all.

will update to Oracle's Java as advised.

I am not sure where it is but Debian did, a couple months ago, recommend the change due to security concerns. Came up in my apt-list changes readout doing a update/upgrade cycle in Squeeze, Wheezy and Sid.

michalng 04-04-2012 04:35 AM

Update :

Seems like there's a new outcome.

As per the link that craigevil shared, someone in the comments highlight that icedtea/openjdk is not affect by this vulnerability and the the block will be lifted.


All times are GMT -5. The time now is 10:24 PM.