With the community edition of Firefox (in our case, 10 ESR) along with the adm templates for group policy, can one disable plugins that might be installed? For example, with the newly announced CERT vulernability on the Java 7 plug-in, I'd like to disable that temporarily.
Thanks.
Disabling Plug-Ins (specifically java) via Group Policy
Re: Disabling Plug-Ins (specifically java) via Group Policy
I just circulated this the instructions from CERT https://support.mozilla.org/en-US/kb/Ho ... %20applets to my users, but I will have to follow up.
I also disabled Java in IE with Group Policy Preferences by setting the value of registry key HKLM\Software\Wow6432Node\JavaSoft\Java Plug-in{version}\UseJava2IExplorer to 0.
I also disabled Java in IE with Group Policy Preferences by setting the value of registry key HKLM\Software\Wow6432Node\JavaSoft\Java Plug-in{version}\UseJava2IExplorer to 0.
Re: Disabling Plug-Ins (specifically java) via Group Policy
Hi,
the fastest solution for me was: renaming the plugin-dll by using a startup-script.
I'm using mainly Java 6u33 here (for compatibility reasons with internal Software) what may or may not be affected by that CERT warning, but I've seen porting-attempts of this code in some internet sites.
So, to be sure, I disabled it for the moment. Anyway.
I'm deploying Java via Active Directory so I'm having a quite controlled environment. Kindly asking users to disable something they're thinking to 'need' is in my experience as effective at not doing it at all.
The plugin of Java 6 is stored under %programfiles%\java\jre6\bin\plugin2\npjp2.dll (or %programfiles(x86%) on 64bit machines).
If it is simply renamed FF can't load it, so the problem is solved atm. If it's restored and FF is rebooted, it is automatically load again. So that's a quite easy-not-so-beautiful-but-working solution. At least in my case in a controlled and more-or-less well-secured environment.
Hope that may help someone.
Cheers
the fastest solution for me was: renaming the plugin-dll by using a startup-script.
I'm using mainly Java 6u33 here (for compatibility reasons with internal Software) what may or may not be affected by that CERT warning, but I've seen porting-attempts of this code in some internet sites.
So, to be sure, I disabled it for the moment. Anyway.
I'm deploying Java via Active Directory so I'm having a quite controlled environment. Kindly asking users to disable something they're thinking to 'need' is in my experience as effective at not doing it at all.
The plugin of Java 6 is stored under %programfiles%\java\jre6\bin\plugin2\npjp2.dll (or %programfiles(x86%) on 64bit machines).
If it is simply renamed FF can't load it, so the problem is solved atm. If it's restored and FF is rebooted, it is automatically load again. So that's a quite easy-not-so-beautiful-but-working solution. At least in my case in a controlled and more-or-less well-secured environment.
Hope that may help someone.
Cheers
Re: Disabling Plug-Ins (specifically java) via Group Policy
For what it's worth, Java 7 Update 7 and Java 6 Update 35 have been released today, which fix the currently-published exploits.
I don't see anything in about:config to disable plugins in Firefox (you can just disable sandboxing of plugins using dom.ipc. entries), though if you roll in QuickJava you could, in theory, use that extension to disable Java since it will appear in about:config, but is it available for configuring through group policy? I wouldn't think so.
I don't see anything in about:config to disable plugins in Firefox (you can just disable sandboxing of plugins using dom.ipc. entries), though if you roll in QuickJava you could, in theory, use that extension to disable Java since it will appear in about:config, but is it available for configuring through group policy? I wouldn't think so.