On 7/20/11 4:54 PM, NoOp wrote: > On 07/20/2011 11:23 AM, Dick Hoffman wrote: >> NoOp wrote: > ... >>> I tracked it back to this: >>> https://bugzilla.mozilla.org/show_bug.cgi?id=506985 >>> [Bug 506985 - remove java-specific preferences from Firefox UI, hidden >>> prefs ] >>> >>> Looks like the option to disable/enable java was removed in Firefox 3.6 >>> forward. And the Firefox solution: >>> <https://support.mozilla.com/en-US/kb/How%20to%20turn%20off%20Java%20applets> >>> Use the addons manager. >>> >>> >>> >> My wife points out this change has further security implications >> depending on how it was implemented. Did the update that changed the >> Enable/Disable of Java to the Add-ons Manager take into consideration >> the user's current preference setting or did it take a default and, if >> so, was the default Enable or Disable? If it took a default of Enable >> there could be other chumps like me out there thinking they've got Java >> disabled when they really don't. >> Dick > > I wouldn't argue about the security implications... but yes the default > is set to enable (I turn off/on using Prefbar). I reckon that is the > reason for the other bug reports; meaning they plan to remove the option > to turn off/on altogether in the Preferences UI on SeaMonkey. This is > one area that I think that SeaMonkey should stick to their guns and > leave the Preferences option to turn Java on/off in *and* ensure that it > works properly. > > Slight added note: if you reference a bug report it is helpful to > include the url to the bug report rather than simply referring to it by > number. This way, folks not familar with bugzilla can easily click on > the link to review/comment. So your report is: > <https://bugzilla.mozilla.org/show_bug.cgi?id=672665> > and the bug that your bug was duped to: > <https://bugzilla.mozilla.org/show_bug.cgi?id=512378> > Which btw IMO isn't resolved/fixed as it apparently doesn't work in SM > 2.1 or 2.2 & that indeed can be a security issue. You might want to add > your comments there. >
This is very confusing, but I think I now understand what is happening. The following applies to SeaMonkey at least through version 2.2. It appears that the Java checkbox at [Edit > Preference > Advanced] and the Java checkbox in PrefBar both modify the preference variable security.enable_java. However, changing the checkmark at [Edit > Preference > Advanced] does not change the checkmark in PrefBar; but changing the checkmark in PrefBar does change the checkmark at [Edit > Preference > Advanced]. Changing it at either place, does change security.enable_java. Toggling security.enable_java via about:config does show the changes at [Edit > Preference > Advanced] but not in PrefBar. Thus, there is an error in PrefBar in how it displays the current state of security.enable_java. This is a display problem and not a problem with using PrefBar to toggle security.enable_java. In any case, if security.enable_java is "false" or "true", Java is disabled or enabled. It is not yet necessary to use the Add-ons Manager. The elimination of the use of security.enable_java to control Java will likely be implemented in SeaMonkey 2.3 or shortly thereafter, when the Add-on Manager will become the only way to disable or enable Java. -- David E. Ross <http://www.rossde.com/> On occasion, I might filter and ignore all newsgroup messages posted through GoogleGroups via Google's G2/1.0 user agent because of spam from that source. _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
