Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Toolbar Custom Button Installer 安全漏洞
Vulnerability Description
Google Toolbar(Google工具栏)是美国谷歌(Google)公司的一款安装在浏览器上的搜索引擎,它可帮助用户查找需要的信息。 Google Toolbar 4版本和5 beta版本的Custom Button Installer对话框中存在安全漏洞,该漏洞源于程序没有验证‘Downloaded from’和‘Privacy considerations’段中特定的域名。远程攻击者可利用该漏洞伪造域名,诱使用户安装恶意的button XML文件。
CVSS Information
N/A
Vulnerability Type
N/A