Mozilla recommends upgrading to the latest version, but you can disable it altogether

Nov 23, 2012 08:51 GMT  ·  By

Mozilla is blocking a recent version of the Java plugin, Java 7 Update 7 is now added to the blocklist containing plugins with known, unpatched vulnerabilities.

Previous versions of Java are already blocked, but the very latest Java version, Java 7 Update 9 does not contain the exploitable bug and it is not blocked.

"Java 7 Update 7 is vulnerable to a critical security bug that could lead attackers to compromise the user’s system through the Java plugin. The vulnerability is currently being exploited, and is a serious risk to users," Mozilla explained.

"To mitigate this risk, we have added Java 7 Update 7 to the add-on blocklist. Update 6 and below had been blocklisted already due to other vulnerabilities," it said.

"Mozilla strongly encourages anyone who requires the Java JDK and JRE to update to the current version as soon as possible on all platforms," it added.

There is no Update 8, so Update 9 is the only Java plugin version that you should be running. If you have an older version installed, you'll be notified of the vulnerability and the block, but you may choose to bypass the block.

Even if you choose to block the plugin, you can enable it later from the Add-ons Manager, though that is not recommended.

Alternatively, you'll be able to run the Java plugin on a case-by-case basis thanks to the new click-to-play plugins feature that has made it all the way to the stable channel, along with Firefox 17.

The recommended path is to upgrade to Java 7 Update 9 as soon as possible. Of course, very few websites actually use Java these days and, unless you're sure that you need it, it's safe to remove the Java plugin altogether, you won't be missing out on anything.

The latest Java JRE is available for download here.