SolarStar Report post Posted August 30, 2012 (edited) http://www.heise.de/...ke-1677249.html I became only today aware of this security problem. I try to keep my system components up-to-date but in this case, .. The exploide code is already public, no fix or response from oracle yet. I removed a virus from my computer ( I can't remember that my virus scanner ever found one before ) just a few days ago but I couldn't sense how I got it.. lol .. I got the info a bit late but at least I know why. Instructions how to deactivate java plugins in Firefox and Chorme: chrome://plugins/ are also given on the website. Edited August 30, 2012 by SolarStar Share this post Link to post Share on other sites
SolarStar Report post Posted August 30, 2012 http://www.heise.de/security/artikel/Java-0-Day-unter-der-Lupe-1676764.html Share this post Link to post Share on other sites
tork_unib Report post Posted August 30, 2012 There's a writeup on it (in english) here: https://isc.sans.edu/diary.html?storyid=13984 The recomendation is to either disable Java, downgrade to the previous version or use a scriptblocking plugin like noscript. An english writeup on disabling Java here: http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/ Personally, my approach has been a combination of the noscript and adblock plus plugins - it's nigh on impossible to actually *use* the web without Java and Flash these days, but ymmv. Share this post Link to post Share on other sites
SolarStar Report post Posted August 30, 2012 http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=de&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FOracle-reagiert-mit-Notfall-Update-auf-Java-Schwachstelle-1696086.html&act=url You better update to 7.7 "Drei der Lücken haben den höchstmöglichen Schweregrad von 10.0." Share this post Link to post Share on other sites
saxum Report post Posted September 3, 2012 Personally, my approach has been a combination of the noscript and adblock plus plugins - it's nigh on impossible to actually *use* the web without Java and Flash these days, but ymmv. I use Flash Block tool and only enable flashes I want to see and white list a few. Use another browser for times I rarely want no flash blocking or disable it temporarily. Too many sites use multiple flash components when not necessary to function or just for ad overload. Share this post Link to post Share on other sites
tork_unib Report post Posted September 3, 2012 Personally, my approach has been a combination of the noscript and adblock plus plugins - it's nigh on impossible to actually *use* the web without Java and Flash these days, but ymmv. I use Flash Block tool and only enable flashes I want to see and white list a few. Use another browser for times I rarely want no flash blocking or disable it temporarily. Too many sites use multiple flash components when not necessary to function or just for ad overload. I find in general noscript seems to block flash too. One thing I've been looking for though is a tool that will let me white/black list specific scripts from domains. NoScript seems to just do it per domain which is a pity. http://translate.goo...86.html&act=url You better update to 7.7 "Drei der Lücken haben den höchstmöglichen Schweregrad von 10.0." Patched, but i'd hesitate to call it problem solved https://isc.sans.edu/diary.html?storyid=14017 Share this post Link to post Share on other sites