icedtea plugin shouldn't be installed by default
Bug #889171 reported by
Marc Deslauriers
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ubuntu-restricted-addons (Ubuntu) |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Bug Description
The icedtea java browser plugin should no longer get installed automatically with this package, for the following reasons:
- It is in no way restricted, unlike the sun java plugin which it replaced
- Use of java applets on the web has dramatically dropped off
- The Plugin Finder service lets users easily install the plugin if it is required
- The ubuntu-
- The java plugin is one of the most attacked components by malware
The security team would like this removed as to greatly reduce the number of users who needlessly have this installed in order to reduce the attack surface of the default desktop.
Related branches
| visibility: | private → public |
| Changed in ubuntu-restricted-addons (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in ubuntu-restricted-addons (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package ubuntu-
---------------
ubuntu-
* Drop icedtea6-plugin for security reasons (LP: #889171):
- it's not restricted, unlike sun-java6-plugin which it replaced
- use of java applets on the web has dropped off
- the plugin finder service easily lets users install it if needed
- this package gets installed for a large number of users because of
the checkbox in the installer
- the java plugin is one of the most attacked components by malware
-- Marc Deslauriers <email address hidden> Fri, 11 Nov 2011 11:29:26 -0500