Java SE 6 Update 20 released

[TonyE]

An update for Java has been released and is recommended for all users. It fixes a security vulnerability that is being exploited.

You can download the update from http://www.java.com/en/download/index.jsp" onclick="window.open(this.href);return false;

Updating to the latest version of Java may not be enough to make your computer safe, from US-CERT Vulnerability Note VU#886582

The installer for Java 1.6.0_20 may not correctly update all instances of the Java Deployment Toolkit plugin. In some cases, the plugin that resides in the \bin\new_plugin directory may not be updated to the fixed 6.0.200.2 version of npdeployJava1.dll. If the new_plugin directory contains npdeploytk.dll version 6.0.190.4 or earlier, then browsers that use plug-ins, such as Mozilla Firefox or Google Chrome, may still be vulnerable. To correct this situation, delete the vulnerable npdeploytk.dll from the new_plugin directory and replace it with the npdeployJava1.dll version from the bin directory.

Mozilla have recently blocklisted the older Java Deployment Toolkit plugin, if you check your list of plugins in Firefox you may find that it has already been disabled.

[HansV]

Thanks - that comes hard upon the heels of Update 19!

[BobArch2]

An update for Java has been released and is recommended...

If the new_plugin directory contains npdeploytk.dll version 6.0.190.4 or earlier, then browsers that use plug-ins, such as Mozilla Firefox or Google Chrome, may still be vulnerable. To correct this situation, delete the vulnerable npdeploytk.dll from the new_plugin directory and replace it with the npdeployJava1.dll version from the bin directory.

Mozilla have recently blocklisted the older Java Deployment Toolkit plugin, if you check your list of plugins in Firefox you may find that it has already been disabled.

I installed the Java 6.0.20 update when it was released. Several minutes after the install, an error message popped up concerning the Java Console. I checked the add-ons in Firefox and found that the Java Console 6.0.19 had not been removed. The Uninstall icon was greyed out so I just Disabled the plug-in. Any idea how the 6.0.19 Java Console item can be removed?

The plug-in directory does show the proper npdeployJava1.dll and its properties show it is related to 6.0.20.

Java6019.gif

[StuartR]

Funny, I just had to do this.

You need to go to to the folder C:\Program Files\Mozilla Firefox\Extensions [if you have a 64 bit operating system this may be in Program Files (X86)].

In that folder you will find a number of folders with long numeric names. Open each folder and view the file install.rdf using notepad. You will see that one of them includes:

Code: Select all

    <em:name>Java Console</em:name>
    ...
    <em:version>6.0.19</em:version>

Delete the entire folder that contains this file.

[BobArch2]

... Delete the entire folder that contains this file.

Thanks Stuart... that did the trick!!

Java6019b.gif