SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
When browsing the web - using Seamonkey or Firefox - I get a Security alert about the installed JRE plugin, and a notification that this plugin will be deactivated.
How serious is the security threat? What's the best remedy to the problem? Is there a patch somewhere to fix this?
Last week, Oracle released emergency updates to fix zero-day vulnerabilities in Java 7 and Java 6. But in the case of the Java 7 fix, the new version allows an existing flaw--spotted by security researchers and disclosed to Oracle earlier this year--to be exploited to bypass the Java sandbox. In other words, while fixing some flaws, Oracle opened the door to another one.
In light of that situation, multiple security experts said that businesses should continue to temporarily disable all Java use, whenever possible. "There are still not-yet-addressed, serious security issues that affect the most recent version of Java 7," said Adam Gowdiak, CEO and founder of Poland-based Security Explorations, which initially disclosed the exploited vulnerabilities to Oracle in April. "In that context, disabling Java until proper patches are available seems to be an adequate solution," he said via email.
Now I know that in theory, there's no security threat involved in letting the plugin activated, I wonder if there's a way to disable the security alert from popping up at seemingly random intervals. I'm thinking about my users, who will not hesitate to phone me at 7 AM on a Sunday to whine into the phone : "I HAVE A SECURITY ALERT !?! DID I CATCH A VIRUS ?!? BUT YOU SAID YOUR LINUX THINK WAS IMMUNE TO VIRUSES !?! WHAT DO I HAVE TO DO NOW ?!?"
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
I'm not sure that you actually can disable the security alert in, say, Firefox or Seamonkey (unless you went into the source code and did it there?). It pops up every so often because Firefox and Seamonkey check plugins and add-on periodically.
Might not be a bad idea to notify users, perhaps by having them read the US-CERT article at http://www.kb.cert.org/vuls/id/636312 or include the instructions from that article about how to disable the plug-in (with the links).
I'm not sure that you actually can disable the security alert in, say, Firefox or Seamonkey (unless you went into the source code and did it there?). It pops up every so often because Firefox and Seamonkey check plugins and add-on periodically.
Might not be a bad idea to notify users, perhaps by having them read the US-CERT article at http://www.kb.cert.org/vuls/id/636312 or include the instructions from that article about how to disable the plug-in (with the links).
Probably better than calls at 0700 Sunday, eh?
Hope this helps some.
Isn't there even one single option in the ocean of about:config that tells Seamonkey/Firefox to just STFU about this? The question is: which one?
kikinovak
Be proactive send all your customers an email stating:
"We have already repaired the security flaw described in the notification for java you are receiving in your browser, please ignore it.
We at (insert company name here) are always looking out for your best interest
We are current developing a fix for the Firefox alert"
kikinovak
Be proactive send all your customers an email stating:
"We have already repaired the security flaw described in the notification for java you are receiving in your browser, please ignore it.
We at (insert company name here) are always looking out for your best interest
We are current developing a fix for the Firefox alert"
LOL
john
The problem is: my users are mostly students, and I don't have their every single mail address. Nah, deactivate the security check it must be.
Open new Tab
Navigate to about:config
Accept security warning
Change extensions.blocklist.enabled to false
Restart browser
This prevents firefox from checking the blocklist you have configured at extensions.blocklist.detailsURL "
I would personally be wary about doing this...at least it would require more vigilance in monitoring your plugins manually for potential vulnerabilities (though I understand why, in your situation, it may be desirable).
I would personally be wary about doing this...at least it would require more vigilance in monitoring your plugins manually for potential vulnerabilities (though I understand why, in your situation, it may be desirable).
T3slider, you're a star! That's exactly what I've been looking for.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.