Hello, in my opinion LibreOffice has a potential security hole.
As it's possible to install an addon by just passing it to the soffice executable, anything, a bad guy has to do, is to deliver a oxt file with the content type "application/vnd.oasis.opendocument.text". If this is linked to LibreOffice in Firefox, then it will be passed to it and anything, that stops this addon to do its bad job is one click on "OK".
In my opinion this shouldn't be possible at all. The only working way to install an addon should be via addon manager. It shouldn't be possible to just open a OXT file. Would it be a good idea to file this as bug? For the meantime I need a way to disable addon installation at all. How is this possible?
Thanks in advance Yours Manuel _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
