In a blog post today, security journalist Brian Krebs reported that Mozilla is disabling older versions of the Java Development Toolkit plugin in the open source Firefox Web browser.
It’s an attempt to close a newly discovered security hole that hackers have been using to install malicious code.
“On April 15,” Krebs wrote, “Oracle Corp. pushed out an update to its Java software to fix a dangerous security flaw in the program. The patch came just a day after it became clear that criminals were using the flaw to break into vulnerable systems.”
But Mozilla developers are concerned that Oracle’s fix isn’t good enough and they began discussing the forced removal of the plugin.
“Even after the Java patch shipped, the developers apparently were concerned that the Oracle update didn’t fix the exploit for all Firefox users,” Krebs said.
Judging by the comments, here and here, not everyone is thrilled about Mozilla’s decision to kill the add-on.