Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

2015-12-10 Thread Sylvestre Ledru 
Hello,

Le 02/12/2015 10:00, Black, Dana a écrit :
>
> Is an update to ESR 38.4 being developed to fix the issue with the
> java plugin? My organization is holding off on updating until a fix
> becomes available from Mozilla. Upgrading java is not an option.
>
>
First, I would like to thanks all of you for the feedback about this issue.

We took a mitigation fix for the Java VM plugin crash (
https://bugzilla.mozilla.org/show_bug.cgi?id=1221448 ).
It should be in 38.5 (planned next week).

Hope this helps,
Sylvestre

___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

2015-12-10 Thread Eric Periard 
Security is not an option in your organization?

From: Enterprise [mailto:enterprise-boun...@mozilla.org] On Behalf Of Sylvestre 
Ledru
Sent: Thursday, December 10, 2015 10:38 AM
To: Black, Dana; Enterprise@mozilla.org
Subject: Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

Hello,
Le 02/12/2015 10:00, Black, Dana a écrit :
Is an update to ESR 38.4 being developed to fix the issue with the java plugin? 
My organization is holding off on updating until a fix becomes available from 
Mozilla. Upgrading java is not an option.

First, I would like to thanks all of you for the feedback about this issue.

We took a mitigation fix for the Java VM plugin crash ( 
https://bugzilla.mozilla.org/show_bug.cgi?id=1221448 ).
It should be in 38.5 (planned next week).

Hope this helps,
Sylvestre
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

2015-12-10 Thread Klaus Hartnegg 

Am 10.12.2015 um 16:40 schrieb Eric Periard:

Security is not an option in your organization?


Nobody wants a secure computer. Your computers are not secure either. 
Because computers are only secure if all cables are unplugged.


A computer which allows work to be done is always a compromise.

For example a computer center here until a few weeks ago told us that 
SAP can only be reached via a Java applet. Good luck trying to talk 
Juniper into rewriting the way to connect to that terminal server. This 
left us with no choice.


If you make sure that Java in the browser is only active for the applets 
on your intranet, then this is theoretically safe. Except that is is 
not, because Java until recently could be tricked to run applets from 
non-whitelisted domains. But even so there is still the ClickToRun 
feature of Firefox.


If Mozilla decides that crashing is better than leaking memory, then 
organizations can be forced to stay on the previous version. A perfectly 
secure Firefox can cause people to switch to other less secure browsers.

___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to enterprise-requ...@mozilla.org with a subject of 
"unsubscribe"

Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

2015-12-10 Thread James M. Pulver 
Yes, to follow up on this is that in (I will venture to say) most 
organizations, working and getting work done is going to always trump 
security. It does no good to have something secure if it doesn't 
actually do anything anyone needs.


James Pulver
CLASSE Computer Group
Cornell University

On 12/10/2015 02:10 PM, Klaus Hartnegg wrote:

Am 10.12.2015 um 16:40 schrieb Eric Periard:

Security is not an option in your organization?


Nobody wants a secure computer. Your computers are not secure either.
Because computers are only secure if all cables are unplugged.

A computer which allows work to be done is always a compromise.

For example a computer center here until a few weeks ago told us that
SAP can only be reached via a Java applet. Good luck trying to talk
Juniper into rewriting the way to connect to that terminal server. This
left us with no choice.

If you make sure that Java in the browser is only active for the applets
on your intranet, then this is theoretically safe. Except that is is
not, because Java until recently could be tricked to run applets from
non-whitelisted domains. But even so there is still the ClickToRun
feature of Firefox.

If Mozilla decides that crashing is better than leaking memory, then
organizations can be forced to stay on the previous version. A perfectly
secure Firefox can cause people to switch to other less secure browsers.
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit
https://mail.mozilla.org/listinfo/enterprise or send an email to
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to enterprise-requ...@mozilla.org with a subject of 
"unsubscribe"

[Mozilla Enterprise] Setting Preferences

2015-12-10 Thread Bradstream, George 
Hello All,
I recently just got into Software Distribution for my company & this is new for 
me
So sorry if this question seems to easy

How do I change preferences for firefox ESR, then deploy it out to my client 
devices over the network, keeping the new preferences?
I have tried going into about:config and changing things but it seems to only 
stick to the current user that I am logged into. Once I log into a different 
user, the preferences are once again set to default.

Please note our district is 90% mac and the rest windows

Thanks for any help



George Bradstream
Software Technician
(605) 923 0016
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Setting Preferences

2015-12-10 Thread Vrooman, Brad 
Hi George,

We use CCK2 (https://mike.kaply.com/cck2/) to configure Firefox ESR in our 
environment. For the Macs, I package up the various folders that CCK2 generates 
and dump them into the Firefox.app bundle after deploying Firefox (in our case, 
using Casper with a DMG package). That way the settings are applied the first 
time Firefox opens, and remain intact between users on the machine.

There are some guides online with more detail of how to do this. It’s a 
tremendous pain compared to Safari and Chrome, both of which can be managed 
with a normal config profile through your MDM of choice.

Regards,

Brad Vrooman
Tech Configuration Associate – Apple Products | Configuration Management (CFMT)
Alliance Data
alliancedataretail.com | 
LinkedIn | 
Facebook | 
Twitter

From: Enterprise 
mailto:enterprise-boun...@mozilla.org>> on 
behalf of "Bradstream, George" 
mailto:george.bradstr...@k12.sd.us>>
Date: Thursday, December 10, 2015 at 3:19 PM
To: "Enterprise@mozilla.org" 
mailto:Enterprise@mozilla.org>>
Subject: [Mozilla Enterprise] Setting Preferences

Hello All,
I recently just got into Software Distribution for my company & this is new for 
me
So sorry if this question seems to easy

How do I change preferences for firefox ESR, then deploy it out to my client 
devices over the network, keeping the new preferences?
I have tried going into about:config and changing things but it seems to only 
stick to the current user that I am logged into. Once I log into a different 
user, the preferences are once again set to default.

Please note our district is 90% mac and the rest windows

Thanks for any help



George Bradstream
Software Technician
(605) 923 0016

__
The information contained in this e-mail message and any attachments may be 
privileged and confidential. If the reader of this message is not the intended 
recipient or an agent responsible for delivering it to the intended recipient, 
you are hereby notified that any review, dissemination, distribution or copying 
of this communication is strictly prohibited. If you have received this 
communication in error, please notify the sender immediately by replying to 
this e-mail and delete the message and any attachments from your computer.
__
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

[Mozilla Enterprise] Java crash not fixed in 38.5

2015-12-10 Thread Klaus Hartnegg 
Am 10.12.2015 um 16:38 schrieb Sylvestre Ledru :
> We took a mitigation fix for the Java VM plugin crash ( 
> https://bugzilla.mozilla.org/show_bug.cgi?id=1221448 ).
> It should be in 38.5 (planned next week).

The bugreport now says that the fix came too late for 38.5.___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Java crash not fixed in 38.5

2015-12-10 Thread Klaus Hartnegg 
whoops, sorry, misread it. It says:
"Too last minute for 43, but I'm glad this made it to 44."
38 not mentioned. hopefully its in.

-- 
Message sent from a mobile device, please excuse brevity and typos___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

2015-12-10 Thread Eric Periard 
That same mindset is what caused the Ashley Madison leak to begin with...

-Original Message-
From: Enterprise [mailto:enterprise-boun...@mozilla.org] On Behalf Of Klaus 
Hartnegg
Sent: Thursday, December 10, 2015 2:11 PM
To: Enterprise@mozilla.org'
Subject: Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

Am 10.12.2015 um 16:40 schrieb Eric Periard:
> Security is not an option in your organization?

Nobody wants a secure computer. Your computers are not secure either. 
Because computers are only secure if all cables are unplugged.

A computer which allows work to be done is always a compromise.

For example a computer center here until a few weeks ago told us that SAP can 
only be reached via a Java applet. Good luck trying to talk Juniper into 
rewriting the way to connect to that terminal server. This left us with no 
choice.

If you make sure that Java in the browser is only active for the applets on 
your intranet, then this is theoretically safe. Except that is is not, because 
Java until recently could be tricked to run applets from non-whitelisted 
domains. But even so there is still the ClickToRun feature of Firefox.

If Mozilla decides that crashing is better than leaking memory, then 
organizations can be forced to stay on the previous version. A perfectly secure 
Firefox can cause people to switch to other less secure browsers.
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

2015-12-10 Thread Jim Weill 
I'm no expert, but security is not a zero-sum game where you either have 
it or not.


Congratulations if your organization produces their own in-house apps, 
hardware and OS with security built in from the start, and timely 
patching for all problems that arise.  The rest of us have to rely on 
3rd party vendors over which we have no influence.


jim

On 12/10/2015 1:10 PM, Eric Periard wrote:

That same mindset is what caused the Ashley Madison leak to begin with...

-Original Message-
From: Enterprise [mailto:enterprise-boun...@mozilla.org] On Behalf Of Klaus 
Hartnegg
Sent: Thursday, December 10, 2015 2:11 PM
To: Enterprise@mozilla.org'
Subject: Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

Am 10.12.2015 um 16:40 schrieb Eric Periard:

Security is not an option in your organization?

Nobody wants a secure computer. Your computers are not secure either.
Because computers are only secure if all cables are unplugged.

A computer which allows work to be done is always a compromise.

For example a computer center here until a few weeks ago told us that SAP can 
only be reached via a Java applet. Good luck trying to talk Juniper into 
rewriting the way to connect to that terminal server. This left us with no 
choice.

If you make sure that Java in the browser is only active for the applets on 
your intranet, then this is theoretically safe. Except that is is not, because 
Java until recently could be tricked to run applets from non-whitelisted 
domains. But even so there is still the ClickToRun feature of Firefox.

If Mozilla decides that crashing is better than leaking memory, then 
organizations can be forced to stay on the previous version. A perfectly secure 
Firefox can cause people to switch to other less secure browsers.
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to enterprise-requ...@mozilla.org with a subject of 
"unsubscribe"
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to enterprise-requ...@mozilla.org with a subject of 
"unsubscribe"



___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise 
or send an email to enterprise-requ...@mozilla.org with a subject of 
"unsubscribe"

Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

2015-12-10 Thread Allan E. Registos 
(Not security expert). Security is not the job of a single organization or 
application alone. You may have to rely on the third party's commitment to 
security, especially the underlying Operating System. For example, if you are 
using the Windows operating system with the default configuration, then you 
trust Microsoft for its security including running applications like the 
browser. You can configure Windows to be as secure as possible if you need it, 
however most people will just ignore it for it will require a computer 
scientist to hardened operating systems.

If you care about security without the hard work, try the Qubes OS Project 
where you can run Windows or any applications at their most secured 
configuration. 

Cheers,
Allan



- Original Message -
| From: "Eric Periard" 
| To: "Klaus Hartnegg" , "Enterprise@mozilla.org'" 

| Sent: Friday, December 11, 2015 5:10:06 AM
| Subject: Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem

| That same mindset is what caused the Ashley Madison leak to begin with...
| 
| -Original Message-
| From: Enterprise [mailto:enterprise-boun...@mozilla.org] On Behalf Of Klaus
| Hartnegg
| Sent: Thursday, December 10, 2015 2:11 PM
| To: Enterprise@mozilla.org'
| Subject: Re: [Mozilla Enterprise] Firefox ESR 38.4 - Java Plugin Problem
| 
| Am 10.12.2015 um 16:40 schrieb Eric Periard:
|> Security is not an option in your organization?
| 
| Nobody wants a secure computer. Your computers are not secure either.
| Because computers are only secure if all cables are unplugged.
| 
| A computer which allows work to be done is always a compromise.
| 
| For example a computer center here until a few weeks ago told us that SAP can
| only be reached via a Java applet. Good luck trying to talk Juniper into
| rewriting the way to connect to that terminal server. This left us with no
| choice.
| 
| If you make sure that Java in the browser is only active for the applets on 
your
| intranet, then this is theoretically safe. Except that is is not, because Java
| until recently could be tricked to run applets from non-whitelisted domains.
| But even so there is still the ClickToRun feature of Firefox.
| 
| If Mozilla decides that crashing is better than leaking memory, then
| organizations can be forced to stay on the previous version. A perfectly 
secure
| Firefox can cause people to switch to other less secure browsers.
| ___
| Enterprise mailing list
| Enterprise@mozilla.org
| https://mail.mozilla.org/listinfo/enterprise
| 
| To unsubscribe from this list, please visit
| https://mail.mozilla.org/listinfo/enterprise or send an email to
| enterprise-requ...@mozilla.org with a subject of "unsubscribe"
| ___
| Enterprise mailing list
| Enterprise@mozilla.org
| https://mail.mozilla.org/listinfo/enterprise
| 
| To unsubscribe from this list, please visit
| https://mail.mozilla.org/listinfo/enterprise or send an email to
| enterprise-requ...@mozilla.org with a subject of "unsubscribe"
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"