From: "Tom Davies" <[email protected]> > Hi :) > Yes, those are the crucial points. > 1. It's mostly only Base that is affected by which version of java you are > using. If you don't use Base you might even be able to stop LibreOffice from > trying to use java at all! > Tools - Options - LibreOffice - Java > and un-tick the tick-box at the top. If you can do that then you might find > LibreOffice opens significantly faster. > > > 2. You can have more than one version of java on your machine. Most apps > will > try to use the newest version but you can force LibreOffice to choose one that > works better for LibreOffice > Tools - Options - LibreOffice - Java > So your web-browser can be nice and safe. > > 3. I think the exploits would only work if contained inside a document that > you > opened using LibreOffice? ie after various anti-virus programs had nosed > around. > > > 4. Dependence on java is being slowly written out of LibreOffice to avoid > this > problem in the future although it's probably going to take a long time to > remove > it from Base completely! I think people are being steered away from Base > back-ends that might depend on java. > > > Regards from > Tom :) > > >
In reference to #3, that is a faux conclusion. JRE is installed into the OS and LO takes advantage of it in contrast to an application that includes JRE and uses it privately. Take Adobe Acrobat Professional v9.x as an example. It installs a private version of JRE that is used by Adobe Life Cycle Designer. C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin Which is; 1.5.0_11-b03 (version 5 update 11) That's is in contrast to the JRE distribution which is installed into the OS as a shared Java resource. C:\Program Files\Java\jre6 C:\Program Files\Java\jre7 Thus it is available to Internet Browsers such as IE and Firefox and all one has to do is visit a web site that hosts malicious code that seeks out vulnerable versions of Oracle Java and subsequently exploit it. You wrote in in #2... "Tools - Options - LibreOffice - Java...So your web-browser can be nice and safe. " Selecting which JRE to use in LO is exclusive to what the Internet Browser ultimately uses. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp -- For unsubscribe instructions e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
