Toolbar
by Google
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1444 | 0.04 | — | 0.14 | Aug 15, 2002 | The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the… | |||
| CVE-2007-2678 | 0.03 | — | 0.04 | May 15, 2007 | Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2004-2475 | 0.03 | — | 0.03 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege… | |||
| CVE-2007-6536 | 0.00 | — | 0.01 | Dec 27, 2007 | The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users… | |||
| CVE-2002-1443 | 0.00 | — | 0.01 | Apr 11, 2003 | The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. | |||
| CVE-2002-1442 | 0.00 | — | 0.01 | Apr 11, 2003 | The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the… |
- CVE-2002-1444Aug 15, 2002risk 0.04cvss —epss 0.14
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the…
- CVE-2007-2678May 15, 2007risk 0.03cvss —epss 0.04
Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2004-2475Dec 31, 2004risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege…
- CVE-2007-6536Dec 27, 2007risk 0.00cvss —epss 0.01
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users…
- CVE-2002-1443Apr 11, 2003risk 0.00cvss —epss 0.01
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
- CVE-2002-1442Apr 11, 2003risk 0.00cvss —epss 0.01
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the…