It's for your own good

“Ultra-irresponsible” Firefox devs attacked for Java block

Elliot Bentley
firefox-block1

New click-to-run dialog added to enhance security – but has some users burning with anger.

Java now requires
explicit permission to run in the latest version of Firefox, thanks
to a patch that rolled out late last week.

Developers at Mozilla, the not-for-profit behind
Firefox, are hoping that it will help protect end users from
the
notoriously unsafe
browser plugin – but many
have complained that the move has disrupted their businesses (and
even the entire
nation of Denmark
).

Since January, the browser has already

blocked
out-of-date (and vulnerable)
versions of Java. However, in the wake of a particularly nasty
SSL-decrypting exploit, Firefox devs
made the decision
to prevent any version of Java
from auto-running.

The blocks were implemented
last week
, displaying an
ominous red dialog
(or an easy-to-miss icon,
shown below) when users land on a page with a Java
applet.

Despite the move being made with the best
possible intentions, by the end of the weekend the bug
ticket
began to fill up with complaints from irate
users.

“Have you all suddenly gone insane?” asked one,
a user named ‘ipatrol’, who compared the situation to
a
Dilbert comic
in which a character proclaims:
“Security is more important than usability.” Others were even less
kind: one described the move as “ultra-irresponsible”.

“Our company and our users are legitimate users
of Firefox,” wrote a software engineer at Ephox, which produces
in-browser rich text editing software. “We have needs and
requirements – one of those is for Java to work.”

Users of outdated government sites appeared to
be particularly affected. “It affects all citizens of Denmark, as
the national login is blocked,” noted one commenter. Another,
claiming to work in Spanish local government, said that “just about
ever [sic] ministerial applet is written in JAVA – and since
yesterday we’re screwed”.

And the comments kept coming. “Our business
depends on using some java applications,” said one sysadmin.
“Blocking java the way you did it, simply means: We can’t use
Firefox in our company anymore.”

Mozillans attempted to point out that Java was
still a couple of clicks away, and that sysadmins can enable Java
en masse with a Click-To-Play
manager plugin
. However, commenters emphasised the
difficulty of educating users about the changes, and some even
claimed that the click-to-play dialog did not appear for
them.

Firefox’s developers are not the first to shield
users from Java applets. The Chrome team
implemented
a similar – if less alarmist –
permissions dialog over a year ago, and the latest version of Java
already has a similar dialog by default across all
browsers.

Still, Mozilla’s bold move appears to have a struck a
nerve – even if it may be among a relative minority. For better or
worse, Java applets are still crucial to a number of web
users.

Author
Comments
comments powered by Disqus