Disable Java in your browser

Java zero-day vulnerability that could result in your computer being infected simply by viewing a malicious webpage. Here is a link where you can test to see if you are vulnerable. Both links have instructions on how to disable Java in various browsers. Disabling Java won’t affect your ability to read or post on the SDMB.

Thanks–I meant to look into this earlier today, but got sidetracked.

I feel safer by not testing if I am vulnerable.

I have NoScript running on Firefox, and it won’t let the test work without permission; which I’m nervous about giving, actually.

NoScript will not protect you (much) from this Java exploit. Basically, if you are running an up to date version of Java (v. 7) you are vulnerable, and there is not expected to be a patch until October (though maybe this will be brought forward with all the publicity now).

It is easy enough to disable Java in Firefox: just go to the Add-ons/Plugins page and disable anything that refers to Java. It is not so easy in IE, apparently.

For most people, it is probably best just to uninstall Java, unless you have it for some non-web-related use. Few web sites use Java these days.

Perhaps it is worth saying, as lots of people are confused about this, that Java is NOT at all the same thing as JavaScript. The similar names are misleading. They are essentially unrelated technologies.

This vulnerability affects Java, but not JavaScript. JavaScript does have its own vulnerabilities, but, unlike Java, very many, perhaps most, web sites do rely on JavaScript to work properly (though not the Dope, I think). You can’t uninstall JavaScript, it is built in to modern browsers. You can disable it with add-ons like NoScript if you want. (Personally I think that is overkill for most users, however.)

I tried to test but Chrome gives me an error:

Java™ was blocked because it was out of date.
With choices to Update or Run this time…

Sounds like I won’t be updating. :smiley:

So I’ve got Java v 1.6_29 and am not at risk. Java is not going to automatically update to v 1.7 and put me at risk without my knowledge, is it?

IE 7 user.

How do I uninstall Java?

I had to check, but would have been surprised if I had Java enabled. I didn’t.

Click the links. Read them.

Java 1.7.07 is out.


It seems that Oracle has released a patch:

Oracle Security Alert for CVE-2012-4681 (discussion of patch)

http://www.oracle.com/technetwork/java/javase/downloads/index.html (download files)

I assume that this is also what beowulff’s link is providing.

I have to keep it installed because I have online forms/sites that require it <I think> but definitely have it disabled. And MSE found 3 Java Trojans on the 20th on it’s nightly run last week. :open_mouth: (Sorry, can’t do proper smiles without Java, lol)

No. You do not need Java to use smilies on The Dope. You do however (it turns out) need JavaScript to use the smiley system. As I pointed out above, Java and JavaScript are two entirely different things, that just happen* to have similar names. If the Dope smilies are not working for you, you have JavaScript disabled, and it is probably JavaScript that you need for your forms. However, you may very well still have Java enabled, and the problem this thread is concerned with is a problem with Java, not JavaScript.

You can’t uninstall JavaScript anyway, you can only disable it. You can uninstall Java (or just not have it installed in teh first place).
*Actually the confusion was originally semi-intentional on the part of the designers of JavaScript - Java was new and trendy at the time, and they were trying to piggyback on its popularity - but they are still different things. As things worked out, JavaScript became much the more important, and more widely used, web technology.

The little formatting buttons in the Post Message screen don’t work if you disable JavaScript. You have to type everything by hand and hope you remember the proper syntax.

I am not sure? I updated my Java late last night (after reading about this issue on another site), and it still came up as vulnerable on the test site. I take it that the patch is brand new. Has it been integrated into the regular release yet?

In Windows, the easiest and surest way is to do it through uninstall programs in control panel. The instructions on those web pages are for disabling it from running in your browser (but leaving it on your machine in case it is needed for something else), which, it turns out, is not to hard to do in Firefox and probably in Chrome, but really difficult and complex in IE. I think very few people actually use Java for anything that is not browser based, and there are really not very web sites that use it now either, so just uninstalling is almost certainly OK.

On the other hand, from what Arnold and beowulff say, maybe the latest version is safe now (until some hacker discovers a newer vulnerability). I uninstalled last night, and I don’t think I am going to bother to put it back unless and until I have a real need for it.

Yep, and Dope smilies, as I just discovered (see above). Probably the drop-down menus at the top of the page, too.

Unlike Java, JavaScript is ubiquitous, and necessary for a good web experience.

Just in case there are people here who need Java and are going to update: You NEED to uninstall all of the older versions of Java before updating to the newest version. If you update to the newest version without uninstalling the previous versions, the older versions and their vulnerabilities will remain on your system.

I just went to uninstall and saw that I have JavaFX as well as Java. Is that part of what needs to be uninstalled before the new install? (This is on my PC laptop running Windows 7, in case that’s relevant in any way.)

I will only agree with this if you insert “client-side” in there before “web technology”.