Normally, I don’t re-post from my Firefox Blog, but these browsers plugin vulnerabilities affect other browsers (such as Chrome & Safari) besides Firefox.
- Dangerous vulnerability in latest Java version
- Version: Java 7 Update 10
- Issue: Can be used for Cyber attacks (even on fully patched Windows machines)
- Recommend Action: Browser plugin should be disabled or sandboxed (see Work Around below))
- Work Around: For those who MUST have Java, use Firefox 17 is or newer. The Java plugin will be installed but ‘sandboxed’. The plugin will not execute/run until the user gives permission ‘click to play‘ on a per site basis. The user will be prompted that the site needs Java run and if the user knows this site is “trusted”, they can choose to enable the plugin on this site only and for that session only. Users who get the prompt on a site they would not normally use Java should NOT allow the plugin to run.
- Foxit Reader can execute malicious code
- Version: 220.127.116.118. Plugin version 18.104.22.1680
- Issue: Security hole can be exploited to inject malicious code
- Recommend Action: Disable browser plugin
- Work Around: Have the browser download on open the PDF in the main Foxit application (which is safe…see notes) instead of within the browser.
- Notes: This does not affect the Foxit (PDF) Reader application itself, only the browser plugins.
How to disable plugins:
- Firefox: in the address bar type about:addons and press enter. The add-ons manager will open. On the left side select Plugins. Locate the plugins you want to disable and click the Disable button. Note: a browser restart may be needed
- Chrome: in the address bar type chrome://plugins/ and press enter. The Plug-ins manager will now be opened. Locate the plugins you want to disable and click the ‘disable’ link in the the lower left corner.
- Safari: see directions here.