David E. Ross wrote:
On 7/20/11 4:54 PM, NoOp wrote:
On 07/20/2011 11:23 AM, Dick Hoffman wrote:
NoOp wrote:
...
I tracked it back to this:
https://bugzilla.mozilla.org/show_bug.cgi?id=506985
[Bug 506985 - remove java-specific preferences from Firefox UI, hidden
prefs ]
Looks like the option to disable/enable java was removed in Firefox 3.6
forward. And the Firefox solution:
<https://support.mozilla.com/en-US/kb/How%20to%20turn%20off%20Java%20applets>
Use the addons manager.
My wife points out this change has further security implications
depending on how it was implemented. Did the update that changed the
Enable/Disable of Java to the Add-ons Manager take into consideration
the user's current preference setting or did it take a default and, if
so, was the default Enable or Disable? If it took a default of Enable
there could be other chumps like me out there thinking they've got Java
disabled when they really don't.
Dick
I wouldn't argue about the security implications... but yes the default
is set to enable (I turn off/on using Prefbar). I reckon that is the
reason for the other bug reports; meaning they plan to remove the option
to turn off/on altogether in the Preferences UI on SeaMonkey. This is
one area that I think that SeaMonkey should stick to their guns and
leave the Preferences option to turn Java on/off in *and* ensure that it
works properly.
Slight added note: if you reference a bug report it is helpful to
include the url to the bug report rather than simply referring to it by
number. This way, folks not familar with bugzilla can easily click on
the link to review/comment. So your report is:
<https://bugzilla.mozilla.org/show_bug.cgi?id=672665>
and the bug that your bug was duped to:
<https://bugzilla.mozilla.org/show_bug.cgi?id=512378>
Which btw IMO isn't resolved/fixed as it apparently doesn't work in SM
2.1 or 2.2& that indeed can be a security issue. You might want to add
your comments there.
This is very confusing, but I think I now understand what is happening.
The following applies to SeaMonkey at least through version 2.2.
It appears that the Java checkbox at [Edit> Preference> Advanced] and
the Java checkbox in PrefBar both modify the preference variable
security.enable_java. However, changing the checkmark at [Edit>
Preference> Advanced] does not change the checkmark in PrefBar; but
changing the checkmark in PrefBar does change the checkmark at [Edit>
Preference> Advanced]. Changing it at either place, does change
security.enable_java.
Toggling security.enable_java via about:config does show the changes at
[Edit> Preference> Advanced] but not in PrefBar. Thus, there is an
error in PrefBar in how it displays the current state of
security.enable_java. This is a display problem and not a problem with
using PrefBar to toggle security.enable_java.
In any case, if security.enable_java is "false" or "true", Java is
disabled or enabled. It is not yet necessary to use the Add-ons
Manager. The elimination of the use of security.enable_java to control
Java will likely be implemented in SeaMonkey 2.3 or shortly thereafter,
when the Add-on Manager will become the only way to disable or enable
Java.
My finding was that the state of security.enable_java has no impact on
the execution status of Java in SM 2.1 or 2.2. That only via the AOM can
Java be enabled or disabled, which seems to be what the bugzilla reports
are saying. I didn't play with the settings directly in prefs.js or via
about:config so I may be wrong. Anyway, we've probably spent enough time
on this.
Dick
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
