Re: Adobe, JavaScript and Grants.gov Mauneel Desai 16 Dec 2009 17:29 EST

I forgot to mention that Adobe plans to have a fix for this by January 12, 2010.

- Mauneel

On Wed, Dec 16, 2009 at 4:22 PM, Mauneel Desai <xxxxxx@uic.edu> wrote:
> Tom is right. If you disable Javascript from Edit -> Preferences,
> Grants.Gov PDF package will NOT work. Javascript is needed when you
> submit the submission. I just re-confirmed this with Grants.Gov.
>
> A couple of our users even reported that they were not able to open the
> file once the Javascript was disabled. It gave them Javascript
> warnings and wouldn't let them move further.
>
> A good option is to use the JavaScript Blacklist functionality to
> block the affected method ["Doc.media.newPlayer()"]. This is an IT
> admin task. This way you are only blocking the affected method.
> Secunia has posted a note on this here:
>
> http://secunia.com/advisories/37690/2/
>
> By doing this you are still allowing other essential Javascript
> functions in Adobe.
>
> Thank you.
>
> --
> Mauneel D Desai
> Associate Director, IT
> Office of Vice Chancellor for Research
> University of Illinois @ Chicago
> Ph: (312) 413 - 7713
>
> On Wed, Dec 16, 2009 at 3:11 PM, Tom Drinane <xxxxxx@comcast.net> wrote:
>> This has happened before, and I think disabling Javascript does indeed
>> disable Grants.gov forms.
>>
>> I am telling people to disable Javascript, and enable it only when they are
>> working on forms, until Adobe sends a fix/update.
>>
>> On 12/16/2009 2:04 PM, Lipkin, Stuart wrote:
>>
>> Hi All,
>>
>> Wondering if someone has information on the latest vulnerability in Adobe
>> Acrobat (http://www.adobe.com/support/security/advisories/apsa09-07.html)
>> and how it affects Grants.gov Adobe packages.
>>
>> Adobe has released guidance that you can disable javascript in its latest
>> versions to mitigate the security vulnerabilities.  However, I need to know
>> if this will “break” grants.gov packages.
>>
>> In the past, I believe this was the case, but after several calls to
>> Grants.gov they are either not aware that there are any security issues with
>> Adobe or don’t know what would happen and seem uninterested in actually
>> asking someone technically inclined on their team to investigate.
>>
>> So, I’m posting here to see if I can get some better clarification.
>>
>> Thanks
>>
>> Stu
>>
>> ======================================================================
>> Instructions on how to use the RESADM-L Mailing List, including subscription
>> information and a web-searchable archive, are available via our web site at
>> http://www.hrinet.org (click on "Listserv Lists")
>> ======================================================================
>>
>> --
>> Tom Drinane
>> 8 Douglas Ridge
>> Norwich, VT  05055
>>
>> 802-356-7843 (M)
>> 802-649-5525 (H)
>> 603-646-3008 (W)
>> 802-526-2459 (Google Voice)