The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a users input into the toolbar via an onkeydown event handler.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Toolbar | 1.1.41 (including) | 1.1.41 (including) | |
| Toolbar | 1.1.42 (including) | 1.1.42 (including) | |
| Toolbar | 1.1.43 (including) | 1.1.43 (including) | |
| Toolbar | 1.1.44 (including) | 1.1.44 (including) | |
| Toolbar | 1.1.45 (including) | 1.1.45 (including) | |
| Toolbar | 1.1.47 (including) | 1.1.47 (including) | |
| Toolbar | 1.1.48 (including) | 1.1.48 (including) | |
| Toolbar | 1.1.49 (including) | 1.1.49 (including) | |
| Toolbar | 1.1.53 (including) | 1.1.53 (including) | |
| Toolbar | 1.1.54 (including) | 1.1.54 (including) | |
| Toolbar | 1.1.55 (including) | 1.1.55 (including) | |
| Toolbar | 1.1.56 (including) | 1.1.56 (including) | |
| Toolbar | 1.1.57 (including) | 1.1.57 (including) | |
| Toolbar | 1.1.58 (including) | 1.1.58 (including) |
References
- http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
- http://online.securityfocus.com/archive/1/286527
- http://sec.greymagic.com/adv/gm001-mc/
- http://toolbar.google.com/whatsnew.php3
- http://www.securityfocus.com/bid/5426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10054
- http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
- http://online.securityfocus.com/archive/1/286527
- http://sec.greymagic.com/adv/gm001-mc/
- http://toolbar.google.com/whatsnew.php3
- http://www.securityfocus.com/bid/5426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10054