CVE-2007-6536

The CVE-2007-6536 issue affects Google Toolbar 4 and 5 beta where the Custom Button Installer dialog may display domain names in the “Downloaded from” and “Privacy considerations” fields without validating them. The root cause is lack of domain verification, enabling remote attackers to spoof dom...

CVE-2002-1444

The CVE-2002-1444 entry concerns Google Toolbar 1.1.60 running in Internet Explorer 5.5/6.0. Affected component: Google Toolbar HTML/ActiveX handling. Root cause: the vulnerability enables remote attackers to cause a denial of service (crash) through malicious HTML, with possible involvement of s...

CVE-2002-1443

CVE-2002-1443 affects Google Toolbar 1.1.58 and earlier. The vulnerability arises from an onkeydown event handler that allows remote websites to monitor a user’s input in the toolbar. The provided documents identify the affected product and the root cause (the event handler) and state the impact ...

CVE-2004-2475

The CVE-2004-2475 entry concerns a cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 that could allow remote scripts to be injected via about.html in the About section. The connected documentation notes that demonstrations using the res:// protocol may not cross privilege bound...

CVE-2002-1442

Affected product: Google Toolbar (IE) up to version 1.1.58 and earlier. Vulnerability: remote sites could trigger unauthorized toolbar operations, including script execution and file reading in other zones (e.g., My Computer) by opening a window to tools.google.com or the res: protocol and then u...