[Libreoffice-ux-advise] [Bug 135508] Relative linked text sections should automatically read on document opening
bugzilla-daemon at bugs.documentfoundation.org
bugzilla-daemon at bugs.documentfoundation.org
Thu Jan 14 16:43:22 UTC 2021
https://bugs.documentfoundation.org/show_bug.cgi?id=135508
--- Comment #9 from Caolán McNamara <caolanm at redhat.com> ---
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-3157/
https://www.libreoffice.org/about-us/security/advisories/CVE-2015-4551/
https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3575/
are three historical cases where we issued advisories that there existed cases
where documents/links/previews were updated without a warning and we changed
things so that wouldn't happen for what that's worth. The advisory arguments,
for the normal desktop user case, mostly center around a attacker sending
someone a document with a hidden section containing a link to a plausible
location in the attacked users file system and convincing them to send it back
to the attacker.
IIRC its possible to use tools, options, macro security and "trusted sources"
to designate a dir as a "trusted file location" which I think has an effect on
this.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Libreoffice-ux-advise
mailing list