April 19, H Security – (International) Mozilla blocklists Java on older Mac OS X systems. Mozilla blocked the Java plugin in Firefox running on versions 10.5 and - 16 - earlier of Mac OS X, as these versions of Apple’s operating system will not be receiving an update to the installed Java on their systems. The move comes 2 weeks after Mozilla blocklisted older versions of Java on Windows that had the flaw that was being exploited by the Flashback trojan and other malware. Mac OS X systems 10.5 and older will not be getting a Java update from Apple. This means Mozilla is now comfortable adding all Java versions on those OS versions to the blocklist. However, for 10.6 and later, the situation is different: Apple released updates that remove the vulnerability for those systems, but there is a bug in Firefox 11 that causes it to ignore updates such as that one and keep reporting an old version is installed. This would, in turn, mean that if the blocklist was updated for 10.6 and later, it would most likely block the Java plugin on non-vulnerable systems. The bug in Firefox is due to be fixed in Firefox 12, which will be released April 24. Users can expect the blocklist to be updated sometime shortly after that.
Ali Loney, on April 19, 2012