Disable the Java plugin in browsers to avoid drive-by attacks
Firefox and Chrome no longer support Java-like plugins.
Every
now
Show archive.org snapshot
and
then
Show archive.org snapshot
, Java is subject to security issues where code can break out of Java's sandbox and obtain more privileges than it should.
In almost all cases, such issues are actively being used for drive-by attacks via the Java browser plug-in, for example by malicious ad banners.
Since removing Java completely is not an option for us, make sure the Java plug-in is always disabled in every browser, even when you have updated Java on your machine.
Please remember to also check browsers inside your virtual machines.
Firefox:
- The "
How to turn off Java applets
Show archive.org snapshot
" guide basically says:
Tools → Add-ons → Plugins → Disable the Java plug-in, if present. - You can visit about:plugins to check which plug-ins are currently enabled.
Chrome (deprecated - newer chromes do not support plugins anymore):
- Visit chrome://plugins/. (Note that this is not the same as going to Settings → Extensions, since extensions and plugins are different things.)
- Disable the Java plug-in, if present.
Opera:
- Visit opera:plugins.
- Disable the Java plug-in, if present.
Safari:
- The "
How to disable the Java web plug-in in Safari
Show archive.org snapshot
" guide basically says:
Preferences → Security → untick "Enable Java".
Internet Explorer:
- Tools menu → Internet options → Programs → Manage Add-ons → Select the Java plug-in, if present, and disable it.