From: "Dave Sergeant" <[email protected]> > On 1 Sep 2011 at 13:25, David H. Lipman wrote: > >> I have analyzed obfuscated Javascripts and viewed deobfuscated >> Javascripts that uses a laundry list of vulnerabilities and software >> versions in the vulnerability/exploitation attack vector. >> > > What on earth has javascript to do with this issue? This is a JAVA > issue. Any vulnerabilities in javascript only affect javascript, which > is a totally different kettle of fish and doesn't even form part of LO. > > I remain puzzled by this thread. I have Java 1.6.0.26 installed and > that works just fine with LO 3.4.3 on Windows XP SP3. The suggestion to > deliberately install old potentially insecure versions of Java is very > bad advice, not to mention the copyright infringements of hosting it on > personal web space. >
I'm sorry if this subject matter escapes you. What I have tried to do is to explain the perils of using older versions of Oracle Java. In this thread I have I tried to relate how using an older version can compromise your PC. In short... When you install an older version of JRE that version is made available via a Browser Helper Object or Browser Plug-In to Internet Browsers. When you visit a malicious website (or get redirected to a malicious web site by something like a hidden IFrame) that malicious web site can use exploit code to compromise one's computer. Usually the exploit code is in the form of an obfuscated Javascript and will use a laundry list of exploits seeking out vulnerable software (such as JRE) and particular vulnerable versions. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp -- For unsubscribe instructions e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
