Hi Dave and all,
I only run LibreOffice in Linux, specifically Ubuntu 11.04. Java
versions 1.6.0_24 and 1.6.0_26 essentially broke base. I have a database
with about 2600 records in. Before the two releases mentioned, going
from the first record to last record took a second. With either of those
two versions, it would take 20 to 25 seconds. It slowed mail merge to a
crawl also. The way that the older version, such as 1.6.0_21 is
installed in Linux, or at least specifically in Ubuntu, it is only
available for Libre Office. My browsers all are using the most current
version. I've checked. Also, 1.6.0_21 does not show up as an installed
package on the Linux system in synaptic package manager. It is only
being used for LibreOffice, primarily Base. There is no plugin installed
to make it available for browsers. I'm very security conscious. I've not
run LibreOffice on Windows, so I don't know if the issues of problems
with Java affected Windows installs or not. One post some time ago
indicated it only affected Linux installs of LibreOffice. Regardless, I
now have a functional Base working as it should, and still have the
security of the latest released version of Java for Ubuntu for my
browsers. Hopefully this will help you understand the issue.
Don
On 09/02/2011 07:04 AM, David H. Lipman wrote:
From: "Dave Sergeant"<[email protected]>
On 1 Sep 2011 at 13:25, David H. Lipman wrote:
I have analyzed obfuscated Javascripts and viewed deobfuscated
Javascripts that uses a laundry list of vulnerabilities and software
versions in the vulnerability/exploitation attack vector.
What on earth has javascript to do with this issue? This is a JAVA
issue. Any vulnerabilities in javascript only affect javascript, which
is a totally different kettle of fish and doesn't even form part of LO.
I remain puzzled by this thread. I have Java 1.6.0.26 installed and
that works just fine with LO 3.4.3 on Windows XP SP3. The suggestion to
deliberately install old potentially insecure versions of Java is very
bad advice, not to mention the copyright infringements of hosting it on
personal web space.
I'm sorry if this subject matter escapes you.
What I have tried to do is to explain the perils of using older versions of
Oracle Java.
In this thread I have I tried to relate how using an older version can
compromise your PC.
In short...
When you install an older version of JRE that version is made available via a
Browser
Helper Object or Browser Plug-In to Internet Browsers. When you visit a
malicious website
(or get redirected to a malicious web site by something like a hidden IFrame)
that
malicious web site can use exploit code to compromise one's computer. Usually
the exploit
code is in the form of an obfuscated Javascript and will use a laundry list of
exploits
seeking out vulnerable software (such as JRE) and particular vulnerable
versions.
--
***
*
--
For unsubscribe instructions e-mail to: [email protected]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
