
They honestly had to, though. Their aggressive stance on plugins risked losing them significant market share in the Java-heavier parts of the world.

They couldn't let a few rogue cowboy-developers with an agenda and complete user disconnect overnight just ruin what Mozilla have spent decades building up.



The plugin is quite dangerous, an "aggressive" stance sounds reasonable to me. In the interest of fairness I keep a similar stance with IE/ActiveX.


The plugin is quite dangerous, an "aggressive" stance sounds reasonable to me.

But what would persisting with claims that Java plug-ins are always dangerous have achieved? By a similar argument, the Firefox team fixes several security vulnerabilities they themselves describe as "critical" in each new six-weekly release, so they ought to have advised users not to run Firefox either. Software has bugs, and security flaws need to be fixed, but something about glass houses and stones kept coming to mind with the previous stance. The new one seems a reasonable balance and a constructive policy, and I welcome it as such.


And some software has almost an order of magnitude more vulnerabilities while simultaneously being unnecessary for most folks.

Oracle has been issuing ~50 per quarter recently, an incredibly long time to wait for critical fixes. In security, less is more. Now that Windows has become safer, the big targets are Java and Flash. It continues to be good practice to avoid standing behind big targets.


Firefox has had in the region of 30-40 advisories per quarter recently, hardly an order of magnitude more vulnerabilities than the ~50 you mentioned as the Java plug-in's recent record.

Also, as has been pointed out in numerous recent debates about Java, it might be unnecessary for most folks, but there are still many millions who use it routinely. Indeed, this is precisely why I think Mozilla's U-turn on this issue was a sensible move.


Is anyone still using Java in the browser?


Yes. And thanks for demonstrating the user disconnect I was just referring to. The internet is big, so it's an easy thing to fall into.

For better or worse, in some places Java is the one sanctioned way to sign into online banks and sign official documents online.

Having your browser constantly telling you that you can't do that anymore, completely out of the blue, tends to cause a dramatic reduction in browser usage in those areas.



