Description
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
Affected products
- Google / toolbar1.1.41 – 1.1.41
- Google / toolbar1.1.42 – 1.1.42
- Google / toolbar1.1.43 – 1.1.43
- Google / toolbar1.1.44 – 1.1.44
- Google / toolbar1.1.45 – 1.1.45
- Google / toolbar1.1.47 – 1.1.47
- Google / toolbar1.1.48 – 1.1.48
- Google / toolbar1.1.49 – 1.1.49
- Google / toolbar1.1.53 – 1.1.53
- Google / toolbar1.1.54 – 1.1.54
- Google / toolbar1.1.55 – 1.1.55
- Google / toolbar1.1.56 – 1.1.56
- Google / toolbar1.1.57 – 1.1.57
- Google / toolbar1.1.58 – 1.1.58
References
- MISChttp://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
- MISChttp://online.securityfocus.com/archive/1/286527
- MISChttp://sec.greymagic.com/adv/gm001-mc/
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/10054
- MISChttp://toolbar.google.com/whatsnew.php3
- MISChttp://www.securityfocus.com/bid/5426