27 matches found
libreoffice: Remote documents loaded without prompt via IFrame
A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating...
ALSA-2023:6508 Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CVE-2023-2255 Remote documents loaded without prompt via IFrame
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would lo...
Insider Logic Bombs
Add to the "not very smart criminals" file: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The...
Cross domain access to object constructors can be used to facilitate cross-site scripting – Opera Security Advisories
JavaScripts are able to redefine and override the methods of native objects. They may also do this with the native objects of any document that shares the same origin. By redefining the methods of another document through the constructor property of the document’s host objects, a malicious script...
Mozilla Foundation Security Advisory 2010-14
Mozilla Foundation Security Advisory 2010-14 Title: Browser chrome defacement via cached XUL stylesheets Impact: Low Announced: March 23, 2010 Reporter: Wladimir Palant Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.2 Firefox 3.5.8 Firefox 3.0.18 Thunderbird 3.0.2 SeaMonkey 2.0.3...