Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index 

From: "Dave Sergeant" <dave@davesergeant.com>


On 1 Sep 2011 at 13:25, David H. Lipman wrote:


I have analyzed obfuscated Javascripts and viewed deobfuscated
Javascripts that uses a laundry list of vulnerabilities and software
versions in the vulnerability/exploitation attack vector.



What on earth has javascript to do with this issue? This is a JAVA
issue. Any vulnerabilities in javascript only affect javascript, which
is a totally different kettle of fish and doesn't even form part of LO.

I remain puzzled by this thread. I have Java 1.6.0.26 installed and
that works just fine with LO 3.4.3 on Windows XP SP3. The suggestion to
deliberately install old potentially insecure versions of Java is very
bad advice, not to mention the copyright infringements of hosting it on
personal web space.



I'm sorry if this subject matter escapes you.

What I have tried to do is to explain the perils of using older versions of Oracle Java. 
In this thread I have I tried to relate how using an older version can compromise your PC.

In short...
When you install an older version of JRE that version is made available via a Browser 
Helper Object or Browser Plug-In to Internet Browsers.  When you visit a malicious website 
(or get redirected to a malicious web site by something like a hidden IFrame) that 
malicious web site can use exploit code to compromise one's computer.  Usually the exploit 
code is in the form of an obfuscated Javascript and will use a laundry list of exploits 
seeking out vulnerable software (such as JRE) and particular vulnerable versions.



-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 




-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.