Daniel Fröjdendahl

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 136.0.7103.59 chromium in Debian Linux (affected versions not specified) **Description** The issue is related to insufficient data validation in DevTools, allowing a remote attacker to bypass discretionary access control via a crafted HTML page if the user is convinced to perform specific UI gestures. **Recommendations** For Google Chrome versions prior to 136.0.7103.59, update to version 136.0.7103.59 or later to resolve the issue. For chromium in Debian Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) **Description** The issue exists due to insufficient input validation in Microsoft SharePoint Server, allowing a remote attacker to conduct spoofing attacks. This can affect the system. **Recommendations** For Microsoft SharePoint Server, consider restricting access to vulnerable components until a patch is available. For Microsoft SharePoint Enterprise Server, restrict access to vulnerable modules to minimize the risk of exploitation. For Microsoft SharePoint Foundation, avoid using potentially vulnerable parameters in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 81 Thunderbird versions prior to 78.3 Firefox ESR versions prior to 78.3 **Description** The issue arises when Firefox sometimes runs the onload handler for SVG elements that the DOM sanitizer has decided to remove. This results in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. **Recommendations** For Firefox versions prior to 81, update to version 81 or later to resolve the issue. For Thunderbird versions prior to 78.3, update to version 78.3 or later to resolve the issue. For Firefox ESR versions prior to 78.3, update to version 78.3 or later to resolve the issue.