Endpoint

1/28/2016
12:40 PM
50%
50%

Oracle Retires Java Browser Plug-In

Move in response to the 'plug-in free Web' trend.

It's official: the plug-in is on its way out. Oracle -- under pressure from moves by Google and other browser makers to remove plug-in support -- now plans to eliminate the Java browser plug-in.

"With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology," Oracle wrote in a blog post announcing the move.

The Java browser plug-in will be dead as of JDK 9. "This technology will be removed from the Oracle JDK and JRE in a future Java SE release," Oracle says.

To read more about Oracle's historic move, see this blog post and this white paper.

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/31/2016 | 11:22:14 PM
Re: Microsoft Silverlight Next?
What did they move to from Silverlight?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/31/2016 | 11:21:18 PM
Re: Good Start
I very much agree with you. HTML5 has been proven to be a source of fewer vulnerabilities. However, if it becomes more mainstream do we think maybe HTML5 will become more vulnerable in the future?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2016 | 11:14:34 AM
Re: Microsoft Silverlight Next?
"... Microsoft Silverlight Next?  ..."

I am not sure if anybody using Silverlight for their projects anymore. Anybody I talked to recently they were all got out of it.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2016 | 11:10:44 AM
Re: Microsoft Silverlight Next?
" ... plug-in free web movement ..."

I agree. There should be less need to plug-ins, we need to be ready to switch between apps if we go with that tough. There is not going to be one app that does everything we want.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2016 | 11:08:09 AM
Re: Good Start
"... Java SDK dependencies pose a larger risk ..."

Everything related to client side should go to HTML5 in my view. It is hard to keep up with vulnerabilities if there are too many options.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/30/2016 | 11:05:02 AM
Java Applets
 

It was big and flashy when it was intruded. Like flash, it is very powerful tool but their time has passed.
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
1/28/2016 | 5:30:04 PM
Microsoft Silverlight Next?
I am so happy I am speechless!  The importance of this move will be understood over the next couple years.  Finally, kudos to Oracle for "getting it" - at least on plug-in free web movement.  Next?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/28/2016 | 3:48:32 PM
Good Start
This is a good start but I think Java SDK dependencies pose a larger risk due to the level of effort behind upgrading along with app testing than retiring a plugin would. Can someone explain this in further detail?
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6443
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
CVE-2019-6444
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
CVE-2019-6445
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
CVE-2019-6446
PUBLISHED: 2019-01-16
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.
CVE-2019-6442
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.