To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=58013
------- Additional comments from [EMAIL PROTECTED] Wed Dec 6 09:16:03 -0800 2006 ------- This bug is a _severe security issue_ and can effectively be used to run any arbitrary command with the priviledges of the current user! The reason are missing quotes in most of the scripts to launch the preferred browser or mail client. The attached quoting_scripts.patch file adds necessary quotes in: shell/source/unix/misc/cde-open-url.sh shell/source/unix/misc/gnome-open-url.sh shell/source/unix/misc/kde-open-url.sh shell/source/unix/misc/open-url.sh --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]