Hi Dave and all,
I only run LibreOffice in Linux, specifically Ubuntu 11.04. Java
versions 1.6.0_24 and 1.6.0_26 essentially broke base. I have a database
with about 2600 records in. Before the two releases mentioned, going
from the first record to last record took a second. With either of those
two versions, it would take 20 to 25 seconds. It slowed mail merge to a
crawl also. The way that the older version, such as 1.6.0_21 is
installed in Linux, or at least specifically in Ubuntu, it is only
available for Libre Office. My browsers all are using the most current
version. I've checked. Also, 1.6.0_21 does not show up as an installed
package on the Linux system in synaptic package manager. It is only
being used for LibreOffice, primarily Base. There is no plugin installed
to make it available for browsers. I'm very security conscious. I've not
run LibreOffice on Windows, so I don't know if the issues of problems
with Java affected Windows installs or not. One post some time ago
indicated it only affected Linux installs of LibreOffice. Regardless, I
now have a functional Base working as it should, and still have the
security of the latest released version of Java for Ubuntu for my
browsers. Hopefully this will help you understand the issue.
Don
On 09/02/2011 07:04 AM, David H. Lipman wrote:
From: "Dave Sergeant"<dave@davesergeant.com>
On 1 Sep 2011 at 13:25, David H. Lipman wrote:
I have analyzed obfuscated Javascripts and viewed deobfuscated
Javascripts that uses a laundry list of vulnerabilities and software
versions in the vulnerability/exploitation attack vector.
What on earth has javascript to do with this issue? This is a JAVA
issue. Any vulnerabilities in javascript only affect javascript, which
is a totally different kettle of fish and doesn't even form part of LO.
I remain puzzled by this thread. I have Java 1.6.0.26 installed and
that works just fine with LO 3.4.3 on Windows XP SP3. The suggestion to
deliberately install old potentially insecure versions of Java is very
bad advice, not to mention the copyright infringements of hosting it on
personal web space.
I'm sorry if this subject matter escapes you.
What I have tried to do is to explain the perils of using older versions of Oracle Java.
In this thread I have I tried to relate how using an older version can compromise your PC.
In short...
When you install an older version of JRE that version is made available via a Browser
Helper Object or Browser Plug-In to Internet Browsers. When you visit a malicious website
(or get redirected to a malicious web site by something like a hidden IFrame) that
malicious web site can use exploit code to compromise one's computer. Usually the exploit
code is in the form of an obfuscated Javascript and will use a laundry list of exploits
seeking out vulnerable software (such as JRE) and particular vulnerable versions.
--
***
*
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.