Given the Zero-Day Java 7 vulnerabilities (see Paul B Gallagher's thread: 'Java 7u10 vulnerability in browsers' and for those using OpenJDK & Icedtea for Java JRE:
Security releases for OpenJDK and Icedtea were released yesterday (Tues Jan 17). <<http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/>> <http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/> This confirms that OpenJDK7 and IcedTea7 were vulnerable - of course I reckon that it will take awhile for the builds to get pushed to the distro's. Note that "OpenJDK 6 is not affected.". So if you are using OpenJDK7 I'd recommend installing OpenJDK6 (you can leave OpenJDK7 installed[1]), and then using update-alternatives to set OpenJDK6 as the system JRE. For Debian/Ubuntu users: $ sudo apt-get updates && sudo apt-get upgrade $ sudo apt-get install openjdk-6-jre $ sudo apt-get install icedtea6-plugin $ sudo update-alternatives --config java $ sudo update-alternatives --config mozilla-javaplugin.so Ensure that you are using OpenJDK6 instead of OpenJDK7. Example: ~$ java -version java version "1.6.0_24" OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1) OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode) If you enable Java in SeaMonkey (I recommend using Prefbar to turn Java on/off), the IcedTead plugin (Ubuntu in this example) in about:config will show: IcedTea-Web Plugin (using IcedTea-Web 1.2 (1.2-2ubuntu1.3)) File: /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so Version: The IcedTea-Web Plugin executes Java applets. I'd also check your LibreOffice/ApacheOO installs & select OpenJDK6: Tools|Options|Java| select 'Sun Microsystems, Inc. 1.6.0_24 Note: I do not know of the current zero-day vulnerablity affecting LibreOffice/ApacheOO - but to be cautious I revert to OpenJDK6. [1] I keep openJDK7 installed so that it will be updated when the distro packagers issue the security update. _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
