JVNDB-2012-000072

Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration

Overview

Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered.

Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page.

Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Yahoo Japan Corporation
  • Installer of Yahoo! Toolbar for Chrome Ver.1.0.0.5 and earlier
  • Installer of Yahoo! Toolbar for Safari Ver.1.0.0.5 and earlier

Impact

A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party.

Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

Vendor Information

Yahoo Japan Corporation

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2012-2647

References

  1. JVN : JVN#51769987
  2. National Vulnerability Database (NVD) : CVE-2012-2647

Revision History

  • [2012/07/30]
      Web page was published
  • [2012/08/02]
      Title : Information was updated to reflect the versions affected more clearly
      Overview : Information was updated to reflect the versions affected more clearly
      Affected Products : Information was updated to reflect the versions affected more clearly