On Fri, Apr 9, 2010 at 12:08 PM, Tavis Ormandy <tav...@sdf.lonestar.org> wrote:
> ------------------- > Mitigation > ----------------------- [...] > - Mozilla Firefox and other NPAPI based browser users can be protected using > File System ACLs to prevent access to npdeploytk.dll. Just for the record (since I had to go hunting to find out), Giorgio Maone says NoScript will protect Firefox users (so long as you haven't whitelisted the relevant website for other purposes) : http://forums.informaction.com/viewtopic.php?f=8&t=4207 As a lot of folks are concluding, it's better to just uninstall Java altogether (at least till Soracle sorts out the various appalling design decisions they seem to have made with this product), but some of us are stuck with workstations that need Java installed for one reason or another. Cheers Nick -- Leave the Olympics in Greece, where they belong. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
