Disabling Java Plug-ins

In recent years, the Java development platform has become a favored target for hackers, leading to a growing list of Java-specific vulnerabilities being discovered and exploited by various malware.

As such, many security researchers and national computer security organizations caution users to limit their usage of Java, unless required for business reasons, or to remove it entirely, including disabling Java plug-ins in web browsers.

Listed below are instructions for disabling Java plug-ins or add-ons in common web browsers ( based on the advice given by the US-CERT Vulnerability Note VU#636312).

  • Mozilla Firefox
  • Google Chrome
  • Apple Safari
  • Microsoft Internet Explorer

Included below are links to resources that provide additional removal information.

Mozilla Firefox

  1. From the main menu bar, select ‘Tools’ > ‘Add-ons’ (or just click ‘Ctrl+Shift+A’).
  2. Look for plugins containing the term ‘Java’ and click the ‘Disable’ button next to them.
  3. Restart the browser.


Google Chrome

  1. Type ‘about:plugins’ into the Omnibar.
  2. Look for the ‘Java’ plugin and click the ‘Disable’ link next to it.


Apple Safari

  1. Click ‘Preferences’, then ‘Security tab’.
  2. Uncheck ‘Enable Java’.


Microsoft Internet Explorer

  1. Click ‘Tools’ > ‘ Manage add-ons’.
  2. Select any add-ons with the term ‘Java’, then under the ‘Settings’ box below, check the ‘Disable’ radio button.
  3. Click ‘OK’.
  4. Restart the browser.

In addition, you can disable Java from the Windows’ Control Panel:

  1. In Window’s Control Panel, click on ‘Java’; a Java Control Panel will appear.
  2. In the Java Control Panel, select the ‘Java’ tab and click the ‘View’ button. For any JRE versions listed, uncheck the ‘Enabled’ box. Click ‘OK’.
  3. In the Java Control Panel, click ‘Apply’ or ‘OK’.



For additional information, check out the following resources:

  1. Java; Verify Java Versionhttp://www.java.com/en/download/installed.jsp
  2. United States Computer Emergency Readiness Team (US-CERT); Vulnerability Note VU#636312: Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged cod;http://www.kb.cert.org/vuls/id/636312
  3. CERT-FI (CERT Finland);Tietoturva nyt!; http://www.cert.fi/tietoturvanyt/2012/08/ttn201208281337.html (Finnish language)
  4. CERT-FI (CERT Finland); Restricting browser add-ons to protect against Java vulnerabilities;https://www.facebook.com/notes/cert-fi/selaimen-lis%C3%A4osien-rajoittaminen-suojaa-my%C3%B6s-java-haavoittuvuudelta/10152117863205145
This entry was written by Zac , posted on Tuesday August 28 2012at 01:08 am , filed under Open Tabs, Security, Vulnerabilities and tagged , , , , , , , , , , , , , , , , , , . Bookmark the permalink . Post a comment below or leave a trackback: Trackback URL.

Leave a Reply

You must be logged in to post a comment.