← Back

Toolbar

toolbar

Vendor: Yahoo • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-2253
1Yahoo
1Toolbar
May 13, 2026
Jul 17, 2017
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan hors...Show more
Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.Show less
CVE-2013-6853
1Yahoo
1Toolbar
Apr 29, 2026
Jan 26, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTM...Show more
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.Show less
CVE-2012-2647
1Yahoo
1Toolbar
Apr 29, 2026
Jul 31, 2012
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
CVE-2007-6535
1Yahoo
1Toolbar
Apr 23, 2026
Dec 27, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
CVE-2007-6228
1Yahoo
1Toolbar
Apr 23, 2026
Dec 4, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method.