RE: Exploiting the Google toolbar (GM#001-MC)

From: GreyMagic Software (securityat_private)
Date: Mon Aug 19 2002 - 16:20:40 PDT

Next message: Stan Bubrouski: "Advisory: DoS in WebEasyMail +more possible?"

Previous message: Stan Bubrouski: "Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities"
Maybe in reply to: GreyMagic Software: "Exploiting the Google toolbar (GM#001-MC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It has been brought to our attention that the first problem we disclosed in
our Google advisory ("Tap [eavesdrop] to key presses in the toolbar's search
box") also affects the following toolbars:

Alexa v6.5.11775 from
http://pages.alexa.com/prod_serv/quicktour.html?p=TBMenu_W_t_40_L1

Ask Jeeves dated 18-Jul-2002 from
http://sp.ask.com/docs/toolbar/helpindex.html

We would like to thank John Davis for letting us know of these problems.

You can read about the vulnerability in detail at
http://sec.greymagic.com/adv/gm001-mc/ and you can also test the toolbars
above (or any other toolbar) using the first demonstration in that URL.

Next message: Stan Bubrouski: "Advisory: DoS in WebEasyMail +more possible?"
Previous message: Stan Bubrouski: "Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities"
Maybe in reply to: GreyMagic Software: "Exploiting the Google toolbar (GM#001-MC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 17:24:36 PDT