Windows 7 Concerns Over JavaScript Injection Vulnerability in SSL Connections

[Trouble]

A new Java Script injection that may expose private information even inside SSL encrypted connections seems to be a big concern for many, not the least of which is the Firefox browser development team.
Seems like they may even be considering blocking all versions of the Java Plugin in future releases of the browser.
Interesting article at this source.
Regards
Randy

 

[Corrine]

Let's hope the Oracle Java SE update to be released today addresses this vulnerability. The update is reported to include 20 new security fixes for Oracle Java SE. (Pre-release Announcement: Oracle Java Critical Patch Update - October 2011).

 

[Corrine]

According to The Register article (Oracle updates Java to stop SSL-chewing BEAST), the Java SE update solved the vulnerability of the BEAST and Firefox will continue working with Java.

That said, do you really need Java? As I've mentioned in more than one blog article, when it comes to Oracle Java JRE, you may have it installed on your computer but might not even need it. Following are reasons why someone may need Oracle Sun Java installed on their computer:

• Playing on-line games generally requires Java.
• With OpenOffice, Java is needed for the items listed Link Removed .
• It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
• There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.

If the above does not apply to you, consider uninstalling Java. In the event you discover that it is needed, you can always download the most recent version.

​