From: "Tom Davies" <tomdavies04@yahoo.co.uk>
Hi :) Yes, those are the crucial points. 1. It's mostly only Base that is affected by which version of java you are using. If you don't use Base you might even be able to stop LibreOffice from trying to use java at all! Tools - Options - LibreOffice - Java and un-tick the tick-box at the top. If you can do that then you might find LibreOffice opens significantly faster. 2. You can have more than one version of java on your machine. Most apps will try to use the newest version but you can force LibreOffice to choose one that works better for LibreOffice Tools - Options - LibreOffice - Java So your web-browser can be nice and safe. 3. I think the exploits would only work if contained inside a document that you opened using LibreOffice? ie after various anti-virus programs had nosed around. 4. Dependence on java is being slowly written out of LibreOffice to avoid this problem in the future although it's probably going to take a long time to remove it from Base completely! I think people are being steered away from Base back-ends that might depend on java. Regards from Tom :)
In reference to #3, that is a faux conclusion. JRE is installed into the OS and LO takes advantage of it in contrast to an application that includes JRE and uses it privately. Take Adobe Acrobat Professional v9.x as an example. It installs a private version of JRE that is used by Adobe Life Cycle Designer. C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin Which is; 1.5.0_11-b03 (version 5 update 11) That's is in contrast to the JRE distribution which is installed into the OS as a shared Java resource. C:\Program Files\Java\jre6 C:\Program Files\Java\jre7 Thus it is available to Internet Browsers such as IE and Firefox and all one has to do is visit a web site that hosts malicious code that seeks out vulnerable versions of Oracle Java and subsequently exploit it. You wrote in in #2... "Tools - Options - LibreOffice - Java...So your web-browser can be nice and safe. " Selecting which JRE to use in LO is exclusive to what the Internet Browser ultimately uses. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp -- For unsubscribe instructions e-mail to: users+help@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted