Apple is next: Mozilla is blocking the Java plugin in Firefox on Mac OS X 10.5 and earlier, because these operating systems will not be getting an update to the Java installed on them.
The move comes two weeks after Mozilla blocklisted older versions of Java on Windows that contained the flaw exploited by the Flashback Trojan and other malware.
Mac OS X systems 10.5 and older will not be getting a Java update from Apple, which means Mozilla now feels comfortable adding all Java versions on those OS versions to the blocklist.
But for 10.6 and later, the story is different: Apple has released updates which remove the vulnerability for those systems but, according to Mozilla’s Add-Ons blog, there is a bug in Firefox 11 that causes it to ignore updates and keep reporting that an old version is running.
This would, in turn, mean that if the blocklist were updated for 10.6 and later, it would most likely block the Java plugin on non-vulnerable systems. There should be a fix for the bug in Firefox 12, which will be released April 24; expect the blocklist to update shortly after that.
The blocking applied is a “soft block”, and a user can override it by going to Tools -> Add-ons -> Plugins and clicking on the enable button for the Java plugin; this should only be done where the user knows they will not be visiting any sites where Java-based malware is present. Users can, of course, use the same window to disable the Java plugin too, a path recommended by security experts.