CVE-2007-6536

Google Toolbar 4-5 beta - Open Redirect

Title source: llm
STIX 2.1

Description

The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26923
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28166
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485288/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39164
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/39499
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3491

Scores

EPSS 0.0125
EPSS Percentile 65.9%

Details

CWE
CWE-200
Status published
Products (2)
google/toolbar 4
google/toolbar 5 beta
Published Dec 27, 2007
Tracked Since Feb 18, 2026