Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index 

Hello,

in my opinion LibreOffice has a potential security hole.
As it's possible to install an addon by just passing it to the soffice executable, anything, a bad guy has to do, is to deliver a oxt file with the content type "application/vnd.oasis.opendocument.text". If this is linked to LibreOffice in Firefox, then it will be passed to it and anything, that stops this addon to do its bad job is one click on "OK".
In my opinion this shouldn't be possible at all. The only working way to install an addon should be via addon manager. It shouldn't be possible to just open a OXT file. Would it be a good idea to file this as bug? For the meantime I need a way to disable addon installation at all. How is this possible? 

Thanks in advance

Yours

Manuel

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.