Disable the Java plugin in browsers to avoid drive-by attacks
Firefox and Chrome no longer support Java-like plugins.
Every now and then, Java is subject to security issues where code can break out of Java's sandbox and obtain more privileges than it should.
In almost all cases, such issues are actively being used for drive-by attacks via the Java browser plug-in, for example by malicious ad banners.
Since removing Java completely is not an option for us, make sure the Java plug-in is always disabled in every browser, even when you have updated Java on your machine.
Please remember to also check browsers inside your virtual machines.
- Firefox:
-
- The "How to turn off Java applets" guide basically says:
Tools → Add-ons → Plugins → Disable the Java plug-in, if present. - You can visit about:plugins to check which plug-ins are currently enabled.
- The "How to turn off Java applets" guide basically says:
- Chrome (deprecated - newer chromes do not support plugins anymore):
-
- Visit chrome://plugins/. (Note that this is not the same as going to Settings → Extensions, since extensions and plugins are different things.)
- Disable the Java plug-in, if present.
- Opera:
-
- Visit opera:plugins.
- Disable the Java plug-in, if present.
- Safari:
-
- The "How to disable the Java web plug-in in Safari" guide basically says:
Preferences → Security → untick "Enable Java".
- The "How to disable the Java web plug-in in Safari" guide basically says:
- Internet Explorer:
-
- Tools menu → Internet options → Programs → Manage Add-ons → Select the Java plug-in, if present, and disable it.