Is Firefox Serious About Blocking the Java Plugin?

Home » Internet Browsers

Is Firefox Serious About Blocking the Java Plugin?

by Chinmoy Kanjilal | Friday, 30th Sep 2011 | 2 Comments | Share

Firefox is the second most popular web-browser and it has held this title for too long. Projected figures show that it is going to lose the title in December. However, an ongoing discussion by Mozilla might accelerate the fact. The discussion is on whether Firefox should allow the Java plugin, which is used for almost all transactions (not just online banking transactions) across the world.
java-plugin
A new attack has been identified that decrypts web-traffic and can dig through sensitive and personal information being sent over a transaction. The attack has been termed as the BEAST (Browser Exploit Against SSL/TLS) attack and it has been demonstrated successfully in a proof-of-concept hack.

Dan Goodin from The Register talks about the BEAST exploit:

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust. Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting.

The Public Key Infrastructure has three core services to take care of- Authentication, Integrity and Confidentiality. Authentication makes sure that the people at either end of the transaction are indeed who they claim to be. Integrity ensures that the data being transmitted is sent and received in the same form without alteration. Confidentiality deals with hiding the data from prying eyes, making the data comprehensible only to the people at either end. The BEAST attack goes after confidentiality and breaks it successfully.

The bug 689661 on Bugzilla at Mozilla lists out a favorite solution of blacklisting all versions of the Java plugin. This will affect all corporate businesses (ones that are transaction based) and some regular features of services that explicitly rely on the Java plugin, ones like Facebook video chat.

Currently, the only web-browser that is attempting to secure against this attack (without removing Java support) is Google Chrome.

(Image source)

Recent Activity: »

Read More On: Firefox, Java

Author: Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written 948 articles for us.

The author of this post can be contacted at chinmoy@techie-buzz.com

Comment Using Facebook

2 Responses to this Article | Share your Opinions/Comments

We moderate comments to prevent spam. Moderation is done within few hours. Please try and stay on topic and refrain from using abusive language. If you think there is a problem with this post, please email the post author or send us an email at tips@techie-buzz.com with the URL and the problem you see and we will rectify it as soon as we can.

Meena bassem on September 30th, 2011 at 2:48 pm #
really ,disable the java plugin? well, i guess chrome will be more popular then
Reply to this comment
Philani Dlamini on October 4th, 2011 at 1:53 am #
We have Chrome, Mozilla deuchebags
Reply to this comment

About/Links

Featured Categories

Connect With Us

Most Read Topics In Internet Browsers Today

Copyright 2006-2011 Techie Buzz. All Rights Reserved. The content is copyrighted to Techie Buzz and may not be reproduced on other websites.
Powered by WordPress | Design by Keith Dsouza | Hosted @Linode and @Dreamhost | Content Delivery by MaxCDN | XHTML Valid
This website is best viewed in 1280x1024 resolution(s)

Home » Internet Browsers