Issue
When accessing an I/A Series R2 or I/A Series G3 station web page, a popup window is displayed warning of a possible security vulnerability.
The popup warning is displayed differently depending on the browser version and Java version installed on the computer used for viewing the graphics.
--------------------------------------------------------------------------
With Java 7 update 11 or newer, and Internet Explorer 8 or 9, the following popup windows is displayed (location string will vary):
Note that even if you check the "Do not show" checkbox, you will receive additional prompts because the prompt is displayed for each Java applet encountered in the current browsing session. Likewise, if you close the browser and reopen it, navigating to the same site, the prompts will again be displayed.
If accessing I/A Series G3 graphics, the following screen may be displayed:
A variant of this message is as follows:
---------------------------------------------------------------------------
If using a recent version of the Firefox web browser, the following message is shown in the graphic applet window:
"This plugin has security vulnerabilities. Click here to activate the Java(TM) Platform SE 7 U Plugin."
---------------------------------------------------------------------
When using the Mozilla Firefox browser to access I/A Series G3 graphics, the following security warning may be displayed (Click "I Understand the Risks" and follow prompts to continue):
Environment
Windows computer
Internet 9 or Firefox web browser
Cause
Known security vulnerabilities with the Java JRE software
Resolution
Since the issue is being reported by the Java software or the Java plugin in the browser, there is nothing we can do to directly resolve the issue.
There are several workarounds possible, depending on how the site deals with browser security issues.
The most secure approach is to allow the applet to be run each time you are prompted.
- If using Internet Explorer, click the [Run] button on the security warning popup window.
- If using Firefox, two actions may be needed. First if the warning "This connection is untrusted" is displayed, click the "I Understand the Risks"
Unfortunately, this is a Java issue, not an I/A Series R2 software issue. Oracle has added this popup to its browser plugin to warn the user that a downloaded Java applet may be unsafe to execute. According to information published by Oracle, it may take them up to two years to correct all the known security issues in the Java-JRE. Many of the known issues date back to before Oracle assumed ownership of Java.
The only workaround at this time is to downgrade the Java-JRE to a version that does not notify its user that the Java applet to be executed may pose a security risk.
We did some testing on Windows 7 with IE9 and found that Java 1.7.0.9 (Java 7 update 9) does not cause the prompt to be displayed. In addition, we found that in some cases we were able to greatly reduce the number of times the prompt appears in Java 1.7.0.17 by setting its security setting to Low (Java control panel applet, Security tab). On one of the virtual machines that we tested this on, the prompt would be displayed the first time you accessed the site and would not be displayed again until you closed the browser and reopened it. On a second computer, the prompt would be displayed each time you accessed a new site or re-opened the connection to the same site but not on multiple screen accesses from the same site. We are not sure at this time why some systems exhibit this different behavior.
Note that when using Firefox 19.0.2 and Java 7 update 9 or earlier, a different message is displayed when the web page attempts to open a java window. This window is not displayed when using any version of Java that includes its own security warning popup. The security warning popup I am referring to is the same one displayed when using Java 7 update 17 and other recent versions on Internet Explorer 9 or Firefox 19. This message is designed to notify the user that there is a known security vulnerability with the addon being used, in this case, the out-of-date Java plug-in.
There is a workaround published on the mozilla support site that documents a procedure for disabling these warnings when using the earlier versions of Java 7. This workaround does not solve the Java popup warning issue for the Firefox 19.0.2 / Java 1.7 update 17 combination. I did not test it with other combinations other than Firefox 19.0.2 / Java 7 update 9. Here is the configuration change for Firefox 19:
- Open Firefox
- Open a New tab
- Browse to about:config i.e., enter the string in the browser address bar
- Accept the security warning
- In the displayed list, right click on extensions.blocklist.enabled
- In the selection window, click Toggle to change the entry to false
- Close and reopen the browser.
This will disable the security warning for all browser plugin applets, including Java 7 update 11 and earlier, Java 6 Updates 31-38, Adobe Flash Player 10.2.*, 10.3 or 11.0-11.4, Microsoft Silverlight 4.1 and earlier or 5.0/5.1, and about two dozen other plugins that have known security issues.
At this time we have not found any workarounds for disabling the Java security warning popup that occurs with Java 7 update 12 and newer with either Internet Explorer or Firefox.
As additional information regarding this issue becomes available regarding Java and Internet browser updates, this article will be updated as required.
Depending on site security restrictions, it may be necessary to disable Java when not using it for accessing I/A Series R2 or G3 systems. See the following instructions from the Java web site:
To disable Java - http://java.com/en/download/help/disable_browser.xml
To enable Java - http://java.com/en/download/help/enable_browser.xml
In some cases, you may be able to bypass the warning but all your graphics pages do not load. This issue is sometimes caused by a security issue with some of the cached java temporary files. There is a workaround, as follows:
- In the Windows Control Panel, open the Java applet.
- Under the "General" tab, "Temporary Internet Files" section, click [Settings]
- Uncheck the box "Keep temporary files on my computer"
- Click [Ok] to save the change then click [OK] to exit the Java control panel.
