Re: Adobe, JavaScript and Grants.gov Mauneel Desai 16 Dec 2009 17:29 EST
I forgot to mention that Adobe plans to have a fix for this by January 12, 2010.

- Mauneel

On Wed, Dec 16, 2009 at 4:22 PM, Mauneel Desai <xxxxxx@uic.edu> wrote:
> Tom is right. If you disable Javascript from Edit -> Preferences,
> Grants.Gov PDF package will NOT work. Javascript is needed when you
> submit the submission. I just re-confirmed this with Grants.Gov.
>
> Couple of our users even reported that they were not able to open the
> file once the Javascript was disabled. It gave them Javascript
> warnings and wouldn't let them move further.
>
> A good option is to use the JavaScript Blacklist functionality to
> block the affected method ["Doc.media.newPlayer()"]. This is an IT
> admin task. This way you are only blocking the affected method.
> Secunia has posted a note on this here:
>
> http://secunia.com/advisories/37690/2/
>
> By doing this you are still allowing other essential Javascript
> functions in Adobe.
>
> Thank you.
>
> --
> Mauneel D Desai
> Associate Director, IT
> Office of Vice Chancellor for Research
> University of Illinois @ Chicago
> Ph: (312) 413 - 7713
>
> On Wed, Dec 16, 2009 at 3:11 PM, Tom Drinane <xxxxxx@comcast.net> wrote:
>> This has happened before, and I think disabling Javascript does indeed
>> disable Grants.gov forms.
>>
>> I am telling people to disable Javascript, and enable it only when they are
>> working on forms, until Adobe sends a fix/update.
>>
>> On 12/16/2009 2:04 PM, Lipkin, Stuart wrote:
>>
>> Hi All,
>>
>> Wondering if someone has information on the latest vulnerability in Adobe
>> Acrobat (http://www.adobe.com/support/security/advisories/apsa09-07.html)
>> and how it affects Grants.gov Adobe packages.
>>
>> Adobe has released guidance that you can disable javascript in its latest
>> versions to mitigate the security vulnerabilities. However, I need to know
>> if this will “break” grants.gov packages.
>>
>> In the past, I believe this was the case, but after several calls to
>> Grants.gov they are either not aware that there are any security issues with
>> Adobe or don’t know what would happen and seem uninterested in actually
>> asking someone technically inclined on their team to investigate.
>>
>> So, I’m posting here to see if I can get some better clarification.
>>
>> Thanks
>>
>> Stu
>>
>> ======================================================================
>> Instructions on how to use the RESADM-L Mailing List, including subscription
>> information and a web-searchable archive, are available via our web site at
>> http://www.hrinet.org (click on "Listserv Lists")
>> ======================================================================
>>
>> --
>> Tom Drinane
>> 8 Douglas Ridge
>> Norwich, VT 05055
>>
>> 802-356-7843 (M)
>> 802-649-5525 (H)
>> 603-646-3008 (W)
>> 802-526-2459 (Google Voice)