Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

Thu, 10 Dec 2015 13:32:43 -0800

I'm no expert, but security is not a zero-sum game where you either have it or not.
Congratulations if your organization produces their own in-house apps, hardware and OS with security built in from the start, and timely patching for all problems that arise. The rest of us have to rely on 3rd party vendors over which we have no influence. 

jim

On 12/10/2015 1:10 PM, Eric Periard wrote:

That same mindset is what caused the Ashley Madison leak to begin with...

-----Original Message-----
From: Enterprise [mailto:[email protected]] On Behalf Of Klaus 
Hartnegg
Sent: Thursday, December 10, 2015 2:11 PM
To: [email protected]'
Subject: Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

Am 10.12.2015 um 16:40 schrieb Eric Periard:

Security is not an option in your organization?

Nobody wants a secure computer. Your computers are not secure either.
Because computers are only secure if all cables are unplugged.

A computer which allows work to be done is always a compromise.

For example a computer center here until a few weeks ago told us that SAP can 
only be reached via a Java applet. Good luck trying to talk Juniper into 
rewriting the way to connect to that terminal server. This left us with no 
choice.

If you make sure that Java in the browser is only active for the applets on 
your intranet, then this is theoretically safe. Except that is is not, because 
Java until recently could be tricked to run applets from non-whitelisted 
domains. But even so there is still the ClickToRun feature of Firefox.

If Mozilla decides that crashing is better than leaking memory, then 
organizations can be forced to stay on the previous version. A perfectly secure 
Firefox can cause people to switch to other less secure browsers.
_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to [email protected] with a subject of 
"unsubscribe"
_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to [email protected] with a subject of 
"unsubscribe"



_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to [email protected] with a subject of 
"unsubscribe"























					Reply via email to