In case you weren’t aware, last week, on Friday October 18, all versions of Java were marked as unsafe in Firefox 24. You can see the details in bug 914690.

When Monday rolled around reports of problems started coming in. Companies unable to use their software. People unable to do their banking. Citizens unable to access government sites. Hundreds of millions of users affected.

It took three days for the decision to be made to remove the block, and since the blocklist is cached, even more for users to see the results.

Looking back, I’m surprised out how lightly this change was taken. Marking Java as unsafe is a major change that affects millions of users; it should have been handled much better. Here are some of the things that were wrong with this decision: