CLSA-2026-1779136540 thunderbird: Fix of 2 CVEs

CVE-2024-0747: Document::Open inheriting CSP from a different window - CVE-2025-5268: Memory safety bugs gfxFont mHasSpaceFeatures atomicity, PresShell event-handler UAF, wasm uncheckedReadValType missing types...

CVE-2026-22235 OPEXUS eComplaint IDOR

OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...

SUSE CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

chanpenpakhaoma.tarad.com Cross Site Scripting vulnerability OBB-1215249

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

This blog post was authored by Hossein Jazi and Jérôme Segura On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated to an APT attack. In the last stage,...

July 11, 2017, update for Office 2013 (KB3172545)

July 11, 2017, update for Office 2013 KB3172545 This article describes update 3172545 for Microsoft Office 2013 that was released on July 11, 2017. This update also applies to Office Home and Student 2013 RT. This update has a prerequisite. Be aware that the update in the Microsoft Download Cente...

EulerOS 2.0 SP5 : libreoffice (EulerOS-SA-2019-1976)

According to the versions of the libreoffice packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning CVE-2018-16858 - LibreOffice...

LibreOffice Input Validation Error Vulnerability (CNVD-2019-39681)

LibreOffice is an open source office software suite from The Document Foundation TDF. The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. LibreOffice suffers from a security-mode bypass vulnerability that can be exploited by an attacker to...

USN-2825-1: Oxide vulnerabilities

Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the...

Google Chrome suffers from an unspecified vulnerability (CNVD-2015-07969)

Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the 'Document::open' function in the WebKit/Source/core/dom/Document.cpp file in versions of Google Chrome prior to 47.0.2526.73, which stems from the program's failure to ensure tha...

CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

CVE-2015-6782

CVE-2015-6782 affects Google Chrome/Chromium up to version 47.0.2526.73, where Document::open in WebKit's DOM handling fails to align page-dismissal with modal-dialog blocking. This enables remote attackers to spoof Omnibox content via a crafted website. Connected sources confirm the vulnerabilit...

CVE-2015-6782

Removed by vendor...

CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

UBUNTU-CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

CVE-2015-6782

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

chromium-browser: Content spoofing in Omnibox

The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site...

Instant PDF Password Protector - Password Protect PDF file

Instant PDF Password Protector is the Free tool to quickly Password Protect PDF file on your system. With a click of button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard Encryption methods - RC4/AES 40-bit, 128-bit, 256-bit based upon t...

Multiple OpenOffice security vulnerabilities

Shell characters problem on document open, code execution...

DEBIAN-CVE-2006-4568

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.framesn.document.open, which facilitates spoofing and other attacks...