[dev] security vulnerability of using mozilla runtime?
NAKATA Maho
chat95 at mac.com
Thu Sep 16 20:38:11 PDT 2004
Dear nectar and all
I recieved a message about mozilla runtime which OOo port inernally uses.
Some people and portsaudit show us there are security risks using
mozilla 1.0.2, however, there not seem to be security vulnerabilities.
I'll delete WITHOUT_MOZILLA=yes as soon as possible.
In Message-ID: <41499F06.80200 at sun.com>
Frank Schönheit <frank.schoenheit at sun.com> wrote:
> hello Nakata,
>
> > o using mozilla runtime which came with OOo distribution inherits this
> > security vulnerability?
>
> none of the mentioned security holes should affect OOo 1.x, since the
> respective code is not used in 1.x.
> For 2.0, we offer SSL encryption for LDAP address data access, using
> Mozilla's LDAP/SSL libraries, so the third vulnarability you mention
> would indeed also affect OOo 2.0. I think we will change to the latest
> available 1.7.x before OOo 2.0 is shipped.
>
> Thanks & Ciao
> Frank
thanks!
--nakata maho
More information about the freebsd-openoffice
mailing list