Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline - no need for Oracleaccount

Hi Dave and all,

I only run LibreOffice in Linux, specifically Ubuntu 11.04. Java 
versions 1.6.0_24 and 1.6.0_26 essentially broke base. I have a database 
with about 2600 records in. Before the two releases mentioned, going 
from the first record to last record took a second. With either of those 
two versions, it would take 20 to 25 seconds. It slowed mail merge to a 
crawl also. The way that the older version, such as 1.6.0_21 is 
installed in Linux, or at least specifically in Ubuntu, it is only 
available for Libre Office. My browsers all are using the most current 
version. I've checked. Also, 1.6.0_21 does not show up as an installed 
package on the Linux system in synaptic package manager. It is only 
being used for LibreOffice, primarily Base. There is no plugin installed 
to make it available for browsers. I'm very security conscious. I've not 
run LibreOffice on Windows, so I don't know if the issues of problems 
with Java affected Windows installs or not. One post some time ago 
indicated it only affected Linux installs of LibreOffice. Regardless, I 
now have a functional Base working as it should, and still have the 
security of the latest released version of Java for Ubuntu for my 
browsers. Hopefully this will help you understand the issue.

Don

On 09/02/2011 07:04 AM, David H. Lipman wrote:
> From: "Dave Sergeant"<dave@davesergeant.com>
>
> > On 1 Sep 2011 at 13:25, David H. Lipman wrote:
> >
> > > I have analyzed obfuscated Javascripts and viewed deobfuscated
> > > Javascripts that uses a laundry list of vulnerabilities and software
> > > versions in the vulnerability/exploitation attack vector.
> > What on earth has javascript to do with this issue? This is a JAVA
> > issue. Any vulnerabilities in javascript only affect javascript, which
> > is a totally different kettle of fish and doesn't even form part of LO.
> >
> > I remain puzzled by this thread. I have Java 1.6.0.26 installed and
> > that works just fine with LO 3.4.3 on Windows XP SP3. The suggestion to
> > deliberately install old potentially insecure versions of Java is very
> > bad advice, not to mention the copyright infringements of hosting it on
> > personal web space.
> I'm sorry if this subject matter escapes you.
>
> What I have tried to do is to explain the perils of using older versions of Oracle Java.
> In this thread I have I tried to relate how using an older version can compromise your PC.
>
> In short...
> When you install an older version of JRE that version is made available via a Browser
> Helper Object or Browser Plug-In to Internet Browsers.  When you visit a malicious website
> (or get redirected to a malicious web site by something like a hidden IFrame) that
> malicious web site can use exploit code to compromise one's computer.  Usually the exploit
> code is in the form of an obfuscated Javascript and will use a laundry list of exploits
> seeking out vulnerable software (such as JRE) and particular vulnerable versions.

--

***
*


--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted