CVE-2006-2783

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

Fixed in: Firefox 1.5.0.4, Thunderbird 1.5.0.4, SeaMonkey 1.0.2

Publication date: Sat, 03 Jun 2006 00:02:00 +0000


Cyber News related to CVE-2006-2783

Mozilla warns Windows users of critical Firefox sandbox escape flaw - In October, Mozilla also patched a zero-day vulnerability (CVE-2024-9680) in Firefox's animation timeline feature exploited by the Russian-based RomCom cybercrime group that let the attackers gain code execution in the web browser's sandbox. ...
8 months ago Bleepingcomputer.com CVE-2024-9680
CISA tags recently patched Chrome bug as actively exploited - This is the second actively exploited Chrome zero-day patched by Google this year, after another high-severity Chrome zero-day bug (CVE-2025-2783), which was abused to target Russian government organizations, media outlets, and educational ...
7 months ago Bleepingcomputer.com CVE-2025-2783
Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild - “The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even ...
8 months ago Cybersecuritynews.com CVE-2025-2783
Operation ForumTroll - APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections - Security researchers describe the vulnerability as particularly dangerous because it allows attackers to bypass Chrome’s sandbox “as if it didn’t exist,” effectively eliminating a critical browser security layer. The campaign ...
8 months ago Cybersecuritynews.com CVE-2025-2783
CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, ...
8 months ago Cybersecuritynews.com CVE-2025-2783
Google fixes high severity Chrome flaw with public exploit - The vulnerability was discovered by Solidlab security researcher Vsevolod Kokorin and is described as an insufficient policy enforcement in Google Chrome's Loader component that lets remote attackers leak cross-origin data via maliciously crafted ...
7 months ago Bleepingcomputer.com CVE-2025-2783
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com
Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
5 months ago Bleepingcomputer.com CVE-2025-7656
Google fixes fourth actively exploited Chrome zero-day of 2025 - Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, ...
5 months ago Bleepingcomputer.com CVE-2025-4664
CVE-2007-2783 - Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should ...
7 years ago
CVE-2025-2857 - Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a ...
8 months ago
CVE-2010-2783 - IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services. ...
6 years ago
CVE-2011-2783 - Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. ...
5 years ago
CVE-2019-2783 - Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated ...
5 years ago
CVE-2017-2783 - An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code ...
3 years ago
CVE-2022-2783 - In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token ...
2 years ago
CVE-2023-2783 - Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. ...
2 years ago
CVE-2024-2783 - The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due ...
1 year ago Tenable.com
CVE-2018-2783 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit ...
3 years ago
CVE-2025-2783 - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) ...
8 months ago CVE-2025-2783 CVE-2025-2857 CVE-2024-49039 CVE-2025-4664
CVE-2020-2783 - Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access ...
3 years ago
CVE-2013-2783 - The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000. ...
12 years ago
CVE-2009-2783 - Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. ...
12 years ago
CVE-2016-2783 - Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted ...
8 years ago