• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Java Deployment Toolkit exploit

Red Squirrel

Red Squirrel

No Lifer
http://seclists.org/fulldisclosure/2010/Apr/119

Firefox blocked it: https://bugzilla.mozilla.org/show_bug.cgi?id=558584

Actually I did not even know firefox could do that, I got to my PC just now and had a message saying that FF blocked an extension (did not even know I had it) for my security, so upon a bit of research, found out why. This is actually a pretty serious flaw.

For those using IE you may want to check to make sure you don't have this addon.

It does not seem to affect mac at this point.
 
RedSquirrel said:
http://seclists.org/fulldisclosure/2010/Apr/119

Firefox blocked it: https://bugzilla.mozilla.org/show_bug.cgi?id=558584

Actually I did not even know firefox could do that, I got to my PC just now and had a message saying that FF blocked an extension (did not even know I had it) for my security, so upon a bit of research, found out why. This is actually a pretty serious flaw.

For those using IE you may want to check to make sure you don't have this addon.

It does not seem to affect mac at this point.
Click to expand...

Were you surfing AnandTech when you got that message, or somewhere else?

I personally think everyone should ditch Java runtime on any browser unless they have a need for it. If you need it, get the 6u20 update from this page. If you don't, uninstall it and be free of it.
 
I was doing a re-install of Avira 10 & updating it this morning when FF opened on it's own & had that notice about it blocking an add-on. I had Java installed but i didn't have that development toolkit add-on.

A couple of hours later i see this thread.
 
Spacehead said:
I was doing a re-install of Avira 10 & updating it this morning when FF opened on it's own & had that notice about it blocking an add-on. I had Java installed but i didn't have that development toolkit add-on.

A couple of hours later i see this thread.
Click to expand...

Question for both of you: do you have a Java-driven P2P program, by any chance?
 
A relative reported this to me last night. They also use Sandboxie so I just canceled the message and told them that if they surf anywhere else to empty the sandbox and start a new session. I was kind of worried that it was a fake pop-up or some add-on was installed.

Today I got the message myself while surfing my normal sites so I knew it was legit. My relative was playing games on pogo.com whenever they got the warning. I only have java and flash installed on their machine without any other add-ons while on my machine I have ABP and NoScript installed. Both rigs run with Sandboxie which has been tweaked a bit to limit files access as well and run and internet access. No P2P programs on either machine.

Edit: I really wish sun and adobe would get their act together! /rant
 
Last edited:
After reading this thread the other day i took mechBgon's advice & uninstalled Java. Figured what the heck, i probably don't need it anyway.

So just now i get this message again, about this "Java Deployment Toolkit" add-on, to disable it & restart FF.

What's the deal with this? I don't have that add-on installed. Is this an exploit of that add-on or is something trying to install that add-on for it's own purposes?

Edit-
damn, "Java Deployment Toolkit" is installed. Where the hell did that come from? It's in the Plug-in section, not the Add-on section
 
Last edited:
It's probably a leftover from the java installation. I removed java myself and I saw a remnant in the plugin section of my browser too, which i disabled.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top