On 01/13/2013 08:35 AM, James Knott wrote:
The warnings were specific to Oracle's implementation not any other version. I do not know if this a simplification by the writers/editors or if only Oracle's implementation is affected. Being cautious, I would assume if an implementation is not specifically cleared I assume it is also vulnerable. Apparently this vulnerability can lead to some very nasty malware exploiting the system.Jay Lozier wrote:Yes, all OS's are affected because Java is cross platform. I am not sure if any of the previous version are affected or if only the current release is affected.The primary concern is Java applets run by your browser. The vulnerability allows a zero-day browser exploit that as yet is not patched by Oracle. The primary concerns I have heard of are installation of keyloggers and installation of ransomware. I would assume the malware will use the JVM to run and would be cross platform. AFAIK, Oracle has not yet announced when a patch will be available.As I mentioned in another note, I'm running OpenJDK, not Oracle Java. So the question becomes is it a problem in general with Java or just Oracle's.
To be safe I would disable Java (not JavaScript) in all web browsers until patches are issued. From what I understand disabling Java will have a minimal impact for most users on the Web.
-- Jay Lozier jslozier@gmail.com -- For unsubscribe instructions e-mail to: users+help@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted