[26740] in bugtraq
RE: Exploiting the Google toolbar (GM#001-MC)
daemon@ATHENA.MIT.EDU (GreyMagic Software)
Mon Aug 19 20:28:55 2002
From: "GreyMagic Software" <security@greymagic.com>
To: "Bugtraq" <bugtraq@securityfocus.com>
Date: Tue, 20 Aug 2002 01:20:40 +0200
Message-ID: <LPBBLDGNEFOGMGAEHJPBCEHICPAA.security@greymagic.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
It has been brought to our attention that the first problem we disclosed in
our Google advisory ("Tap [eavesdrop] to key presses in the toolbar's search
box") also affects the following toolbars:
Alexa v6.5.11775 from
http://pages.alexa.com/prod_serv/quicktour.html?p=TBMenu_W_t_40_L1
Ask Jeeves dated 18-Jul-2002 from
http://sp.ask.com/docs/toolbar/helpindex.html
We would like to thank John Davis for letting us know of these problems.
You can read about the vulnerability in detail at
http://sec.greymagic.com/adv/gm001-mc/ and you can also test the toolbars
above (or any other toolbar) using the first demonstration in that URL.
