Java Version 6 Update 13

Virus & Spyware

Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

Java Version 6 Update 13

This question is not answered

Just wondering how everyones recent Java update went.


I went for the offline installation and the first thing I noticed different from previous Java updates was that after clicking the installer, the first thing it wanted to do was connect to the Internet, supposedly to send anonymous data to Sun, I think. I denied this anyway.

Installation went fine, but on the final installation window, I'm was told that "JavaFX will be downloaded and installed when I click finish". Now all I wanted was to update my Java, so I disconnected my Internet before clicking finish. Not happy that I wasn't given the option of whether I wanted to install JavaFX or not.

Rebooted and tested my Java, all fine.

Now my questions:

  1. 1/ Did anybody install this JavaFX?
  2. 2/ What is it and is it needed?

 

Also noticed a new add-on in IE7, Deployment Toolkit by Sun Microsystems, whatever that's for. 


Seems to be a difference in the offline installers too, depending on where you download them from.

jre-6u13-windows-i586-p.exe

From:

http://java.sun.com/javase/downloads/index.jsp

And

jre-6u13-windows-i586-p-s.exe

From:

http://www.java.com/en/download/manual.jsp


Maybe the latter contains a toolbar, can't say for sure though, I  installed my Java from the first link above.

Regards,

All Replies
  • RD:

    I just downloaded the Slim version offline installer jre-6u13-windows-i586-p.exe, and didn't even notice the JavaFX message. It didn't add any software programs or toolbars according to Add/Remove. I think it is integral to jre now:
    http://en.wikipedia.org/wiki/JavaFX

    It did add the Deployment Toolkit to my add-ons in IE8.
    Here's what Sun says it is for:
    http://docs.sun.com/app/docs/doc/819-4439/gbpmb?a=view

    Since I didn't see any need for  the DK, I disabled it via Manage add-ons.
    After I disabled the add-on, the Verify Java Version page says:
    "Oops! You don't have the recommended Java installed."
    http://www.java.com/en/download/dt_verify.jsp?plugin=false&latest=false&users_jre=1.6.0

    Yet when I use the link on that page to go to actually Test JRE, I get a working applet that says:
    "Congratulations. The latest version of the JRE is installed and running correctly ...
    Version: Java 6 Update 13" 
    http://www.java.com/en/download/help/testvm.xml

    The Update release notes for 1.6.0_13 don't mention either of these, so I presume they were present in prior versions.
    http://java.sun.com/javase/6/webnotes/6u13.html

    I would also note that this update automatically uninstalled my previous version of jre in Add/Remove during the installation.

    All I can say is jre seems to work well.

    _________________________________________

    Dell Forum Member since 2,000

    WOT Web of Trust    Use OpenDNS   MalwareBytes' Anti-Malware Free

    (Mostly) Free Security Software- A Primer

  • I downloaded Java 13 from the second site you listed:

    http://www.java.com/en/download/manual.jsp

    I do not seem to have the add-on Deployment Toolkit by Sun Microsystems in Internet Explorer.  I did not notice the java FX, but i can't recall how carefully I was watching this download.  There was a place to download a toolbar which I unchecked.  I did download this update onto two machines. Everything seems to be working OK. Also I noticed that the old version of Java was automatically removed. This is the first time a Java update did this. In the past I had to manually uninstall the old version of Java.

    Forum Memeber Since 2001

  • JavaFX was introduced with update 10 of JRE6 --- quoting from my post of 22 Oct 2008:

    JRE 6u10 now includes JavaFX, which "extends the power of Java and delivers immersive media and content across the screen of your life".

     

    in addition to the "old" IE browser plugin ssv.dll and jusched startup program,

    version 10 also adds two new ["next generation"] browser plugins jp2ssv.dll and jqs_plugin.dll

    as well as a startup service jqs (java quick start).

    -------------------------------------------------------------------------------------------------------------------------

    Update 11 then started a new "era", in which newer versions of Java automatically removed any older updates numbered 10 or higher:

    So If you already had JRE 6 Update 10 installed, there was no longer a need to uninstall it separately - Update 11 uninstalled it automatically!

    But if you had JRE 6 Update 7 or earlier, these had to be uninstalled, separately, before or after the Update 11 installation

                                [note:  there was never an update 8 or 9 for JRE 6]

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Hi Red Dawn.

    Downloaded mine from here http://java.com/es/download/manual.jsp (Spanish) Java SE Runtime Environment, and installed off line. I noticed the Java FX announcement but it did not give a choice to uncheck. Did not see any Toolbar or installed any. Add-ons in IE8; Java(TM) platform SE binary, Plug-in 2 SSV helper, and JQSIEStart Detector Impl Class. Nothing else install.

    I imaging that the tool kit comes with the Java SE Development Kit (JDK). Since I installed JRE, I can not comment about it. If I am wrong, please explain.

    Hope it helps.

    PS: Thanks KY331, I have been uninstalling Java before installing the new one, no more. BTW did you notice that Kaspersky Lab was added in Java´s security certifications.

    Hernan.

    Dim9200/XPS 410.C2D 2.40GHz.2GB RAM.XP Pro_86 SPk3.IE8 & FF28

    Avast!Free 9. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. WOT. OpenDNS. SAS(o/d)

    "We are all ignorant, but we don't all ignore the same things..." Albert Einstein

     "When you've excluded the impossible, whatever remains, however improbable, must be the truth..." Sherlock Holmes.

  • Image and video hosting by TinyPic

     

    The message above is what got me, I interpreted it as an additional download, which was only compounded after a Google search turned up posts such as THIS and THIS.

    ...having one of those days unfortunately ConfusedBig Smile .

     

    Thanks all, for the feedback and help Wink.

    Regards,

  • Annie and Hernan,


    Not sure if it helps, but the Deployment Toolkit add-on can only be found installed in IE on an Admin. Acc. and not on a Standard Acc. (on my Vista system anyway).



    Regards,

  • Here's the word from Secunia on what the newest Java update fixes:   http://secunia.com/advisories/34451/

    Description:
    Some [highly critical] vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial ofService), or potentially compromise a user's system.

    1) An error while initialising LDAP connections can be exploited to render the LDAP service unresponsive.

    2) An error in the JRE LDAP client implementation can be exploited to load and execute arbitrary code via specially crafted data received from a malicious LDAP server.

    3) An integer overflow error in JRE when unpacking applets and in Java Web Start applications using the "unpack200" JAR unpacking utility can be exploited to potentially execute arbitrary code.

    This is related to vulnerability #15 in:
    SA32991

    4) An error in JRE when unpacking applets and in Java Web Start applications using the "unpack200" JAR unpacking utility can be exploited to cause a buffer overflow and potentially execute arbitrary code.

    5) Two errors when storing and processing temporary font files can be exploited by an untrusted applet or a Java Web Start application to consume an overly large amount of disk space.

    This is related to:
    SA20132

    6) An error in the Java Plug-in when deserializing applets can be exploited to e.g. read, write, or execute local files.

    7) The Java Plug-in allows JavaScript code loaded from the local system to connect to arbitrary local ports. This can be exploited in combination with cross-site scripting attacks to access normally restricted local ports.

    8) The Java Plug-in allows applets to run in earlier versions of JRE if approved by the user. This can be exploited to trick a user into loading a malicious applet into an old and potentially vulnerable JRE version.

    9) An error in the Java Plug-in when processing crossdomain.xml files can be exploited by an untrusted applet to connect to arbitrary domains providing a crossdomain.xml file.

    10) An error in the Java Plug-in can be exploited by a signed applet to alter the contents of the security dialog and trick a user into trusting the applet.

    11) An error in the JRE virtual machine when generating code can be exploited to e.g. read, write, or execute local files.

    NOTE: This vulnerability only affects JDK and JRE 6 Update 12 and earlier for the Solaris SPARC platform.

    12) An integer overflow error in JRE when processing PNG splash screen images can be exploited by an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.

    13) An error in JRE when processing GIF splash screen images can be exploited by an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.

    14) An error in JRE when processing GIF images can be exploited by an untrusted applet or an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.

    15) A signedness error in JRE when processing Type1 fonts can be exploited to cause corrupt heap memory and potentially execute arbitrary code.

    16) An unspecified error in the JRE HTTP server implementation can be exploited to render a JAX-WS service endpoint unresponsive.

    Solution:
    Update to a fixed version.

    JDK and JRE 6 Update 13:
    http://java.sun.com/javase/downloads/index.jsp

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]