Re: Adobe, JavaScript and Grants.gov Mauneel Desai 16 Dec 2009 17:22 EST

Tom is right. If you disable Javascript from Edit -> Preferences,
Grants.Gov PDF package will NOT work. Javascript is needed when you
submit the submission. I just re-confirmed this with Grants.Gov.

Couple of our users even reported that they were not able to open the
file once the Javascript was disabled. It gave them Javascript
warnings and wouldn't let them move further.

A good option is to use the JavaScript Blacklist functionality to
block the affected method ["Doc.media.newPlayer()"]. This is an IT
admin task. This way you are only blocking the affected method.
Secunia has posted a note on this here:

http://secunia.com/advisories/37690/2/

By doing this you are still allowing other essential Javascript
functions in Adobe.

Thank you.

--
Mauneel D Desai
Associate Director, IT
Office of Vice Chancellor for Research
University of Illinois @ Chicago
Ph: (312) 413 - 7713

On Wed, Dec 16, 2009 at 3:11 PM, Tom Drinane <xxxxxx@comcast.net> wrote:
> This has happened before, and I think disabling Javascript does indeed
> disable Grants.gov forms.
>
> I am telling people to disable Javascript, and enable it only when they are
> working on forms, until Adobe sends a fix/update.
>
> On 12/16/2009 2:04 PM, Lipkin, Stuart wrote:
>
> Hi All,
>
>
>
> Wondering if someone information on the latest vulnerability in Adobe
> Acrobat (http://www.adobe.com/support/security/advisories/apsa09-07.html)
> and how it affects Grants.gov Adobe packages.
>
>
>
> Adobe has released guidance that you can disable javascript in its latest
> versions to mitigate the security vulnerabilities.  However, I need to know
> if this will “break” grants.gov packages.
>
>
>
> In the past, I believe this was the case, but after several calls to
> Gratns.gov they are either not aware that there are any security issues with
> Adobe or don’t know what would happen and seem uninterested in actually
> asking someone technically inclined on their team to investigate.
>
>
>
> So, I’m posting here to see if I can get some better clarification.
>
>
>
> Thanks
>
>
>
> Stu
>
>
>
>
>
>
>
> ________________________________
> This e-mail message (including any attachments) is for the sole use of
> the intended recipient(s) and may contain confidential and privileged
> information. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution
> or copying of this message (including any attachments) is strictly
> prohibited.
>
> If you have received this message in error, please contact
> the sender by reply e-mail message and destroy all copies of the
> original message (including attachments).
>
> ======================================================================
> Instructions on how to use the RESADM-L Mailing List, including subscription
> information and a web-searchable archive, are available via our web site at
> http://www.hrinet.org (click on "Listserv Lists")
> ======================================================================
>
> --
> Tom Drinane
> 8 Douglas Ridge
> Norwich, VT  05055
>
> 802-356-7843 (M)
> 802-649-5525 (H)
> 603-646-3008 (W)
> 802-526-2459 (Google Voice)
>
> ======================================================================
> Instructions on how to use the RESADM-L Mailing List, including subscription
> information and a web-searchable archive, are available via our web site at
> http://www.hrinet.org (click on "Listserv Lists")
> ======================================================================

======================================================================
 Instructions on how to use the RESADM-L Mailing List, including
 subscription information and a web-searchable archive, are available
 via our web site at http://www.hrinet.org (click on "Listserv Lists")
======================================================================