First published: Tue Mar 18 2003(Updated: )
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Google toolbar | =1.1.41 | |
Google toolbar | =1.1.58 | |
Google toolbar | =1.1.44 | |
Google toolbar | =1.1.42 | |
Google toolbar | =1.1.49 | |
Google toolbar | =1.1.55 | |
Google toolbar | =1.1.48 | |
Google toolbar | =1.1.57 | |
Google toolbar | =1.1.47 | |
Google toolbar | =1.1.43 | |
Google toolbar | =1.1.54 | |
Google toolbar | =1.1.53 | |
Google toolbar | =1.1.56 | |
Google toolbar | =1.1.45 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.