icedtea plugin shouldn't be installed by default
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-restricted-addons (Ubuntu) |
Fix Released
|
Medium
|
Marc Deslauriers |
Bug Description
The icedtea java browser plugin should no longer get installed automatically with this package, for the following reasons:
- It is in no way restricted, unlike the sun java plugin which it replaced
- Use of java applets on the web has dramatically dropped off
- The Plugin Finder service lets users easily install the plugin if it is required
- The ubuntu-
- The java plugin is one of the most attacked components by malware
The security team would like this removed as to greatly reduce the number of users who needlessly have this installed in order to reduce the attack surface of the default desktop.
Related branches
visibility: | private → public |
Changed in ubuntu-restricted-addons (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
This bug was fixed in the package ubuntu- restricted- addons - 9
--------------- restricted- addons (9) precise; urgency=low
ubuntu-
* Drop icedtea6-plugin for security reasons (LP: #889171):
- it's not restricted, unlike sun-java6-plugin which it replaced
- use of java applets on the web has dropped off
- the plugin finder service easily lets users install it if needed
- this package gets installed for a large number of users because of
the checkbox in the installer
- the java plugin is one of the most attacked components by malware
-- Marc Deslauriers <email address hidden> Fri, 11 Nov 2011 11:29:26 -0500