Disable the Java plugin in browsers to avoid drive-by attacks

Updated . Posted . Visible to the public. Deprecated.

Firefox and Chrome no longer support Java-like plugins.

Every now Show archive.org snapshot and then Show archive.org snapshot , Java is subject to security issues where code can break out of Java's sandbox and obtain more privileges than it should.
In almost all cases, such issues are actively being used for drive-by attacks via the Java browser plug-in, for example by malicious ad banners.

Since removing Java completely is not an option for us, make sure the Java plug-in is always disabled in every browser, even when you have updated Java on your machine.
Please remember to also check browsers inside your virtual machines.

Firefox:

Chrome (deprecated - newer chromes do not support plugins anymore):

  • Visit chrome://plugins/. (Note that this is not the same as going to Settings → Extensions, since extensions and plugins are different things.)
  • Disable the Java plug-in, if present.

Opera:

Safari:

Internet Explorer:

  • Tools menu → Internet options → Programs → Manage Add-ons → Select the Java plug-in, if present, and disable it.
Arne Hartherz
Last edit
Emanuel
Keywords
unix, linux, ubuntu
License
Source code in this card is licensed under the MIT License.
Posted by Arne Hartherz to makandra dev (2012-08-30 10:16)