The importance on this really should be raised to maximum. The version of the Java plugin that exists in Firefox on Linux Mint 12 contains known and published sandbox vulnerabilities that allow arbitrary Java code execution on the system simply by visiting a Web site that loads a malicious Java applet. This includes the extremely critical Rhino script engine vulnerability. Any users who have not manually disabled the Firefox Java plugin, or manually upgraded their Java and replaced the plugin using update-alternatives are vulnerable to these arbitrary code execution exploits if they visit a Web site with a malicious Java applet.
This vulnerability has existed since October of last year. If you aren't going to update the Java plugin to a version that is not vulnerable, then you should send out an update that disables the plugin. The lax attitude being taken with this is concerning, to say the least. Again, even with a fully updated system, users are currently vulnerable to in the wild remote arbitrary code execution vulnerabilities that can be triggered simply by visiting a Web site with a malicious Java applet. These vulnerabilities have been known about since October. Please, either find a way to update the plugin, or simply disable it. Because right now, you are exposing unaware end-users to an extremely serious security vulnerability. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/890278 Title: sun java outdated To manage notifications about this bug go to: https://bugs.launchpad.net/linuxmint/+bug/890278/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
