It would have been better if they’d simply allowed Java to just do anything Javascript can do. As in, that, and only that.
Cas
That’s kind of the idea of sandboxing. The problem is that the sandbox appears to have leaks. I wonder if the push to make the verifier faster also made it a good deal more lenient.
They could force sandboxing all applets. That would also remove the need for the security dialog.
Flash has more leaks than Applets do when you don’t use a security dialog (keeping it in sandboxed mode).
Although, many business applets would still need to turn on or install a plugin that allowed for unsecured applets.
I actually think they should have had 2 plugins 12 years ago. Then you would have the sandboxed way not only by default but would also require installation of a non-sandboxed capable java plugin.
I think I said this over ten years ago to a Sun employee. Oh well.
Funny thing is the whole situation could probably be averted before Mozilla make a rash decision like blocking Java, if only Oracle reach out to them and address the issue quickly. One of the main rationales behind such a move is the uncertainty on when Oracle will release a fix or even if they are aware of the bug. This is something Adobe have done really well with Flash and why browser vendors haven’t been as concerned about taking action themselves against the Flash plugin and its security holes.
Oracle should be pretty concerned about losing 20-30% of their plugin market share, especially as they’ve already invested so much into JavaFX 2.0. However, it’s likely Oracle will just continue giving the silent treatment to the issue.
This is a really good point. Firefox blocked Silverlight a year or two ago, but only for a couple of days, because MS stepped up and fixed the security hole.
By saying “we’re only supporting this if it’s safe”, and actually sticking to that, it’s sending out a message to Adobe, MS, Oracle and other vendors, that they need to take security issues seriously. In the long run, that’s a good thing.
I actually think it would be good for Mozilla to block applets, and not just because I think applets suck but because of what kappa and JL235 mentioned (and the security hole). I think that if a large browser like Firefox blocked applets it would force Oracle to take notice and at least fix the security holes. I’d even like it to go a step further and have browsers block Applets until they’re improved altogether, not just security patches. That’s my two cents anyway.
Z :point:
I don’t think about Javascript and I don’t think Flash vulnerabilities are only something of the past. If they block Java, they have to block Flash too. I think what the Mozilla Foundation is doing does not respect some European laws even though I think Oracle should fix these vulnerabilities as soon as possible.
Some interesting data: How Windows get infected with malware. Are they blocking Adobe Reader next then? :yawn:
Yes, in Chrome, it uses its own PDF viewer for extra security and reduced startup time.
There has also been a lot of movement to make Adobe Reader much safer on the web. PDF files are also far more popular than Applets, so people actually care.
Mozilla announced today that they have decided not to block the Java plugin. Announcement found here.
The reason for them backing off seems due to the fix for the vulnerability which Oracle finally released today. Oracle’s slow reaction here could have had some pretty disastrous consequences for the Java plugin (i.e. 30%+ market share instantly wiped out).