Posted by Sven Gothel on Oct 03, 2011; 9:38am
URL: https://forum.jogamp.org/JOGL-on-OSX-Lion-tp3378258p3389273.html

On Monday, October 03, 2011 10:07:16 AM gouessej [via jogamp] wrote:
>
> It is a good piece of news, Ardor3D guys will be able to give it a try on
> their Macs.

Nice. I hope they will contact us (me specifically in regards to NEWT)
for bugs and other issues.

Great stuff.

+++

>
> However, the Mozilla Foundation plans to block the applets... :(
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=689661
> https://bugzilla.mozilla.org/show_bug.cgi?id=689661 

ho .. ho .. ho :)

They are discussing things .. vulnerabilities actually in regards of BEAST
(tls 1.0 flaw).

One comment makes a god summary I guess:
  https://bugzilla.mozilla.org/show_bug.cgi?id=689661#c41

Yes, other bugs are discussed as well:
  - Same Origin Policy (SOP)
  - ???  

You very well pointed out that other plugins shall be disabled as well
and this notion is being considered in their discussion AFAIK,
hence they focus on fixing the FF layers in regards to BEAST.
So it's not just about Java at all, but TLS.

However, I don't think they really can be successful up until
openssl and their clients support TLS >= 1.1 properly
if the exploit is mainly based on the TLS 1.0 vulnerability.

In the meantime I agree that click-to-play is a good alternative
for allowing the user to make her choice.
At some point in time .. let's hope these things will be solved
within the responsible modules (TLS, networking, javascript, ..).

>
> http://www.theregister.co.uk/2011/09/29/firefox_killing_java/
> http://www.theregister.co.uk/2011/09/29/firefox_killing_java/ 

They love these kind of 'news' of course :)
TBH .. I learned about BEAST on their site as well.

~Sven