CVE Vulnerabilities

CVE-2004-2475

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration codes use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

Affected Software

Name Vendor Start Version End Version
Toolbar Google 1.1.41 (including) 1.1.41 (including)
Toolbar Google 1.1.42 (including) 1.1.42 (including)
Toolbar Google 1.1.43 (including) 1.1.43 (including)
Toolbar Google 1.1.44 (including) 1.1.44 (including)
Toolbar Google 1.1.45 (including) 1.1.45 (including)
Toolbar Google 1.1.47 (including) 1.1.47 (including)
Toolbar Google 1.1.48 (including) 1.1.48 (including)
Toolbar Google 1.1.49 (including) 1.1.49 (including)
Toolbar Google 1.1.53 (including) 1.1.53 (including)
Toolbar Google 1.1.54 (including) 1.1.54 (including)
Toolbar Google 1.1.55 (including) 1.1.55 (including)
Toolbar Google 1.1.56 (including) 1.1.56 (including)
Toolbar Google 1.1.57 (including) 1.1.57 (including)
Toolbar Google 1.1.58 (including) 1.1.58 (including)
Toolbar Google 1.1.59 (including) 1.1.59 (including)
Toolbar Google 1.1.60 (including) 1.1.60 (including)
Toolbar Google 2.0.114.1 (including) 2.0.114.1 (including)

References