![[TEST] Document Foundation Community](https://communitytest.documentfoundation.org/images/discourse-logo-sketch.png){kind=logo}
Note: This may be off topic for this list as all reports indicate that
the issue only concerns browsers. However LO (and AOO) accomodate http
links in documents; so until LO confirms there is no risk I'd recommend
turning off *all* java & only turn back on for necessary applications.
** No idea if openJDK has been affected yet.
Follow-up: U.S. says Java still risky, even after security update:
<http://www.reuters.com/article/2013/01/14/us-java-oracle-security-idUSBRE90D10P20130114>
Of course Reuters don't bother to provide a cite link, so I have:
<http://www.kb.cert.org/vuls/id/625617>
<quote>
Solution
Update to Java 7u11
Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11
addresses this (CVE-2013-0422) and an equally severe vulnerability
(CVE-2012-3174). Immunity[1] has indicated that only the reflection
vulnerability has been fixed. Java 7u11 sets the default Java security
settings to "High" so that users will be prompted before running
unsigned or self-signed Java applets.
Unless it is absolutely necessary to run Java in web browsers, disable
it as described below, even after updating to 7u11. This will help
mitigate other Java vulnerabilities that may be discovered in the future.
</quote>
Added note: Windows users - if you have javafx installed, you must
either uninstall it, or update it to the latest 2.2.4 version after you
update the Java7U11 in order for Firefox or SeaMonkey to recognize java.
Javafx update link is here:
<https://www.java.com/en/javafx/>
If you absolutely have to run java in FF or SM, I highly recommend
installing Prefbar so that you can easily turn on/off java simply by
checking the Java box.
<https://addons.mozilla.org/en-us/seamonkey/addon/prefbar/>
<http://prefbar.tuxfamily.org/help/buttons.html#java>
[1]
<http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html>
