On 09/01/2011 11:08 AM, David H. Lipman wrote: > From: "Tom Davies" <[email protected]> > >> Hi :) >> Yes, those are the crucial points. >> 1. It's mostly only Base that is affected by which version of java you are >> using. If you don't use Base you might even be able to stop LibreOffice from >> trying to use java at all! >> Tools - Options - LibreOffice - Java >> and un-tick the tick-box at the top. If you can do that then you might find >> LibreOffice opens significantly faster. >> >> >> 2. You can have more than one version of java on your machine. Most apps >> will >> try to use the newest version but you can force LibreOffice to choose one >> that >> works better for LibreOffice >> Tools - Options - LibreOffice - Java >> So your web-browser can be nice and safe. >> >> 3. I think the exploits would only work if contained inside a document that >> you >> opened using LibreOffice? ie after various anti-virus programs had nosed >> around. >> >> >> 4. Dependence on java is being slowly written out of LibreOffice to avoid >> this >> problem in the future although it's probably going to take a long time to >> remove >> it from Base completely! I think people are being steered away from Base >> back-ends that might depend on java. >> >> >> Regards from >> Tom :) >> > > > > In reference to #3, that is a faux conclusion. > > JRE is installed into the OS and LO takes advantage of it in contrast to an > application > that includes JRE and uses it privately. > > Take Adobe Acrobat Professional v9.x as an example. > It installs a private version of JRE that is used by Adobe Life Cycle > Designer. > C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin > Which is; 1.5.0_11-b03 (version 5 update 11) > > That's is in contrast to the JRE distribution which is installed into the OS > as a shared > Java resource. > C:\Program Files\Java\jre6 > C:\Program Files\Java\jre7 > > Thus it is available to Internet Browsers such as IE and Firefox and all one > has to do is > visit a web site that hosts malicious code that seeks out vulnerable versions > of Oracle > Java and subsequently exploit it. > > You wrote in in #2... > "Tools - Options - LibreOffice - Java...So your web-browser can be nice and > safe. " > > Selecting which JRE to use in LO is exclusive to what the Internet Browser > ultimately > uses. >
Well said. In addition: http://java.com/en/download/faq/remove_olderversions.xml Let's also hope that 'webcracked' abides by Oracles license and in particular: ==== 7. EXPORT REGULATIONS. C. LICENSE TO DISTRIBUTE SOFTWARE D. LICENSE TO DISTRIBUTE REDISTRIBUTABLES ==== Personally I wouldn't want to be on the other side of Oracle's legal office these days. -- For unsubscribe instructions e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
