If you use Firefox you can use NoScript addon and block java content on all websites
i don’t know the exact component but some of the functionality of Libreoffice Java is required
On 2013-01-13 12:25, dd wrote:
> On 01/13/2013 05:16 AM, vazhavandan wrote:
>>
>> If you use Firefox you can use NoScript addon and block java content on
>> all websites
>
> NoScript blocks javascript only…which has nothing at all to do
> with the security threat posed by Java…
>
And what is that security threat? with my limited internet I haven’t
read anything yet.
(argh… I don’t even have a spell checker in th now)
–
Cheers/Saludos
Carlos E. R. (12.1 test at Minas-Anor)
Am 13.01.2013 05:16, schrieb vazhavandan:
> i don’t know the exact component but some of the functionality of
> Libreoffice Java is required
>
Java desktop programs (or where it is part of desktop or cli programs)
has nothing and really absolutely nothing to do with security flaws when
used in browsers where it is supposed to run sandboxed.
Please don’t mix that, outside the browser plugins java is just another
programming language running on top of a small virtual machine like many
other programming languages (clang/llvm, clisp, python, ocaml …) and
has not more and no less security flaws than anything else (for most of
these the operating system and its helper programs will take care).
–
PC: oS 12.2 x86_64 | i7-2600@3.40GHz | 16GB | KDE 4.8.5 | GTX 650 Ti
ThinkPad E320: oS 12.2 x86_64 | i3@2.30GHz | 8GB | KDE 4.9.4 | HD 3000
eCAFE 800: oS 11.4 i586 | AMD Geode LX 800@500MHz | 512MB | lamp server
The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via vectors related to unspecified classes that allow access to the class loader, as exploited in the wild in January 2013
and in CERT TA13-010A:
A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a “drive-by download” attack).
On 01/13/2013 12:46 PM, Carlos E. R. wrote:
> And what is that security threat? with my limited internet I haven’t
> read anything yet.
there is a posting in nntp://opensuse.org.news.tech-news from Malcolm
yesterday giving a URL (below) which is an image heavy “TV news site” so
i’ll give some TEXT highlights first:
On 2013-01-13 13:35, dd wrote:
> On 01/13/2013 12:46 PM, Carlos E. R. wrote:
>> And what is that security threat? with my limited internet I haven’t
>> read anything yet.
>
> there is a posting in nntp://opensuse.org.news.tech-news from Malcolm
> yesterday giving a URL (below) which is an image heavy “TV news site” so
> i’ll give some TEXT highlights first:
Thanks, and also to arvidjaar.
It seems serious.
Well, it seems that it affects jave 7 only, I’m using the previous version.
–
Cheers/Saludos
Carlos E. R. (12.1 test at Minas-Anor)
On 2013-01-13 14:26, vazhavandan wrote:
>
> robin_listas;2517910 Wrote:
>>
>> Well, it seems that it affects jave 7 only, I’m using the previous
>> version.
>>
> I think almost all versions of JAVA in use are listed
> ‘National Vulnerability Database (NVD) National Vulnerability Database
> (CVE-2013-0422)’
> (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422)
Oh
–
Cheers/Saludos
Carlos E. R. (12.1 test at Minas-Anor)
Check “noscript” options, the “Embeddings” tab. There you can block java, flash, silverlight, other plugins, frame, iframe - for untrusted sites. Actually, you can block for trusted sites too, and then individually enable.
On 01/13/2013 03:16 PM, nrickert wrote:
>
> Wrong!
you are right! i thought NoScript was true to its name (and blocked
javascript)…i believe that was the way it started out, years ago and
am happy to see it has expanded its capability to also block Java (which
has nothing to do with javascript)
good! now we all know how to block the browser’s Java, while waiting on
the vulnerabilities to be fixed…
You are welcome. If you use multiple browsers then you may need to disable them in all of them too. For example in opera you can go to opera:plugins and disable the relevant plugins
If you want to feel safe you may disable it. Disabling plugin will not affect Libreoffice or any other desktop application which requires Java
You can keep it disabled until you need to run an applet (or) need to run jnlp.