https://bugs.documentfoundation.org/show_bug.cgi?id=135508
--- Comment #9 from Caolán McNamara <[email protected]> --- https://www.libreoffice.org/about-us/security/advisories/CVE-2017-3157/ https://www.libreoffice.org/about-us/security/advisories/CVE-2015-4551/ https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3575/ are three historical cases where we issued advisories that there existed cases where documents/links/previews were updated without a warning and we changed things so that wouldn't happen for what that's worth. The advisory arguments, for the normal desktop user case, mostly center around a attacker sending someone a document with a hidden section containing a link to a plausible location in the attacked users file system and convincing them to send it back to the attacker. IIRC its possible to use tools, options, macro security and "trusted sources" to designate a dir as a "trusted file location" which I think has an effect on this. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Libreoffice-ux-advise mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-ux-advise
