A local stored cross site scripting vulnerability affects Y! Toolbar for FireFox on MAC version 3.1.0.20130813024103 and Windows version 2.5.9.2013418100420.
142248a0c37ee7fab8c5439b25c68e5735667f364eea08f98a2fd5994f534c29-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
CVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox
on MAC Version 3.1.0.20130813024103 and Windows Version
2.5.9.2013418100420.
Published January 14, 2014 on XSS.Cx by Hoyt LLC
Summary: A local Stored XSS via Code Injection in Y! Toolbar DOM for
FireFox on MAC Version 3.1.0.20130813024103 and Windows Version
2.5.9.2013418100420 allows remote attackers to inject arbitrary Javascript
into the Yahoo Toolbar for Firefox on MAC, Version 3.1.0.20130813024103 via
AddBMToolbar : function(domBuilder).
Report URL:
http://xss.cx/2014/01/14/mov/cve-2013-6853-stored-xss-via-local-file-inclusion-yahoo-toolbar-version-3x-javascript-injection-poc/index.html
Cheers!
- -D
-----BEGIN PGP SIGNATURE-----
Version: 10.2.0.2526
wsBVAwUBUtZ/hHz+WcLIygj0AQiqowf8Cr/oHbnVurNR8LtsZGmt/X/FM4K/MHkL
bBKBllEtWpYZZXg76DmM0qYrvbzXk3dYN8i04OA2FXPJEZguoEQVBqgwzfmfeEHP
b+cOsgR/+MJ/1iQ0q6RcXrghYXmyjSmzxXcGF7wsVSOtLmnrSbAxx+/VJiknCRRC
Y0H0Tbc1HB5kPjQu0Fax1+PCbMRspAFiMBpV0ZDvhnDNaMgkhUMVhI8489aLnwxt
qHGCXMvw9eSJkzE4Du82LbYNQbgtrffj+mwWEwFMeuB1euBMklvo/QdLp7Bcn49g
R5/Eyh+LbRzD5NB3BL2QTm1jW7SYCAKvtd7H/GJWoKgj+joNG/N9Lg==
=mH1u
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed