CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.

Published: Apr 11, 2003
Updated: Apr 13, 2023
CVE: CVE-2002-1442
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
google / toolbar	1.1.41	1.1.41.x
google / toolbar	1.1.58	1.1.58.x
google / toolbar	1.1.44	1.1.44.x
google / toolbar	1.1.42	1.1.42.x
google / toolbar	1.1.49	1.1.49.x
google / toolbar	1.1.55	1.1.55.x
google / toolbar	1.1.48	1.1.48.x
google / toolbar	1.1.57	1.1.57.x
google / toolbar	1.1.47	1.1.47.x
google / toolbar	1.1.43	1.1.43.x
google / toolbar	1.1.54	1.1.54.x
google / toolbar	1.1.53	1.1.53.x
google / toolbar	1.1.56	1.1.56.x
google / toolbar	1.1.45	1.1.45.x

Vulnerability Database

289,697

CVE-2002-1442