Just as reports surfaced that Java had taken the crown for “most exploits per update” last week, the team behind Firefox has made the decision to block the plugin entirely, effectively shutting off the opportunity to find a backdoor at the gate.
In the newest version of the popular web browser, unceremoniously dubbed Firefox 26, all Java plugins, extensions, and background processes will be shut down by default, with the option to turn it back on when it tries to run for the first time. Oracle’s web-programming language is notorious as consistently being one of the least secure on the market, and is regularly cracked by proficient and diligent hackers from around the world.
Shipped on Tuesday, Firefox 26 will present a prompt like this each time a user encounters a Java Web Start launcher or Java applet. They will then have the option of allowing it to run once only, run and remember your setting, or deny it from starting up at all.
Along with the Java fix, the newest update to Mozilla’s flagship product include dozens of bug fixes, security patches, and several minor new features that developers can utilize while building new pages. You can find the full release notes here, and as long as you fire up your browser out of Safe Mode it will automatically patch itself on its own.