The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as My Computer by opening a window to tools.google.com or the res: protocol, then using script to modify the windows location to the toolbars configuration URL, which bypasses the origin verification check.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Toolbar | 1.1.41 (including) | 1.1.41 (including) | |
| Toolbar | 1.1.42 (including) | 1.1.42 (including) | |
| Toolbar | 1.1.43 (including) | 1.1.43 (including) | |
| Toolbar | 1.1.44 (including) | 1.1.44 (including) | |
| Toolbar | 1.1.45 (including) | 1.1.45 (including) | |
| Toolbar | 1.1.47 (including) | 1.1.47 (including) | |
| Toolbar | 1.1.48 (including) | 1.1.48 (including) | |
| Toolbar | 1.1.49 (including) | 1.1.49 (including) | |
| Toolbar | 1.1.53 (including) | 1.1.53 (including) | |
| Toolbar | 1.1.54 (including) | 1.1.54 (including) | |
| Toolbar | 1.1.55 (including) | 1.1.55 (including) | |
| Toolbar | 1.1.56 (including) | 1.1.56 (including) | |
| Toolbar | 1.1.57 (including) | 1.1.57 (including) | |
| Toolbar | 1.1.58 (including) | 1.1.58 (including) |