Search

Find a vulnerability

Search criteria

    10 vulnerabilities by Yahoo Japan Corporation

    CVE-2017-2253 (GCVE-0-2017-2253)

    Vulnerability from nvd – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN02852421/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Yahoo Japan Corporation Installer of Yahoo! Toolbar (for Internet explorer) Affected: v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55
    Create a notification for this product.
    Date Public
    2017-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:05.054Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#02852421",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN02852421/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installer of Yahoo! Toolbar (for Internet explorer)",
              "vendor": "Yahoo Japan Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
                }
              ]
            }
          ],
          "datePublic": "2017-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-14T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#02852421",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN02852421/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2253",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installer of Yahoo! Toolbar (for Internet explorer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yahoo Japan Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#02852421",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN02852421/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2253",
        "datePublished": "2017-07-14T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:05.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2253 (GCVE-0-2017-2253)

    Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN02852421/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Yahoo Japan Corporation Installer of Yahoo! Toolbar (for Internet explorer) Affected: v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55
    Create a notification for this product.
    Date Public
    2017-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:05.054Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#02852421",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN02852421/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installer of Yahoo! Toolbar (for Internet explorer)",
              "vendor": "Yahoo Japan Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
                }
              ]
            }
          ],
          "datePublic": "2017-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-14T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#02852421",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN02852421/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2253",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installer of Yahoo! Toolbar (for Internet explorer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yahoo Japan Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#02852421",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN02852421/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2253",
        "datePublished": "2017-07-14T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:05.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2017-000173

    Vulnerability from jvndb - Published: 2017-07-12 14:42 - Updated:2018-02-07 16:48
    Severity
    Summary
    Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries
    Details
    Installer of Yahoo! Toolbar (for Internet explorer) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000173.html",
      "dc:date": "2018-02-07T16:48+09:00",
      "dcterms:issued": "2017-07-12T14:42+09:00",
      "dcterms:modified": "2018-02-07T16:48+09:00",
      "description": "Installer of Yahoo! Toolbar (for Internet explorer) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000173.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:yahoo_japan_yahoo_toolbar",
        "@product": "Installer of Yahoo! Toolbar",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000173",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN02852421/index.html",
          "@id": "JVN#02852421",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2253",
          "@id": "CVE-2017-2253",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2253",
          "@id": "CVE-2017-2253",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2014-000116

    Vulnerability from jvndb - Published: 2014-09-25 14:54 - Updated:2014-09-25 14:54
    Severity
    N/A (UNKNOWN) - -
    Summary
    Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
    Details
    Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN. JPCERT/CC coordinated with Yahoo Japan Corporation to publish this JVN advisory under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000116.html",
      "dc:date": "2014-09-25T14:54+09:00",
      "dcterms:issued": "2014-09-25T14:54+09:00",
      "dcterms:modified": "2014-09-25T14:54+09:00",
      "description": "Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.\r\n\r\nYahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN.\r\nJPCERT/CC coordinated with Yahoo Japan Corporation to publish this JVN advisory under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000116.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:yahoo_japan_yahoo_box_for_android",
        "@product": "Yahoo! Japan Box for Android",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000116",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN48270605/index.html",
          "@id": "JVN#48270605",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/vu/JVNVU90369988/index.html",
          "@id": "JVNVU#90369988",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5881",
          "@id": "CVE-2014-5881",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-5881",
          "@id": "CVE-2014-5881",
          "@source": "NVD"
        },
        {
          "#text": "http://www.kb.cert.org/vuls/id/582497",
          "@id": "VU#582497",
          "@source": "CERT-VN"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates"
    }

    JVNDB-2013-000079

    Vulnerability from jvndb - Published: 2013-08-19 15:50 - Updated:2013-08-23 18:42
    Severity
    N/A (UNKNOWN) - -
    Summary
    Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
    Details
    Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000079.html",
      "dc:date": "2013-08-23T18:42+09:00",
      "dcterms:issued": "2013-08-19T15:50+09:00",
      "dcterms:modified": "2013-08-23T18:42+09:00",
      "description": "Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.\r\n\r\nZachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000079.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:japan_shopping",
        "@product": "Yahoo! Japan Shopping",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000079",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN75084836/index.html",
          "@id": "JVN#75084836",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4700",
          "@id": "CVE-2013-4700",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4700",
          "@id": "CVE-2013-4700",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates"
    }

    JVNDB-2013-000078

    Vulnerability from jvndb - Published: 2013-08-19 15:35 - Updated:2013-08-23 18:43
    Severity
    N/A (UNKNOWN) - -
    Summary
    Yafuoku! contains an issue where it fails to verify SSL server certificates
    Details
    Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000078.html",
      "dc:date": "2013-08-23T18:43+09:00",
      "dcterms:issued": "2013-08-19T15:35+09:00",
      "dcterms:modified": "2013-08-23T18:43+09:00",
      "description": "Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.\r\n\r\nZachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000078.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:yafuoku%21",
        "@product": "Yafuoku!",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000078",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN68156832/index.html",
          "@id": "JVN#68156832",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4699",
          "@id": "CVE-2013-4699",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4699",
          "@id": "CVE-2013-4699",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Yafuoku! contains an issue where it fails to verify SSL server certificates"
    }

    JVNDB-2013-000045

    Vulnerability from jvndb - Published: 2013-05-27 15:04 - Updated:2013-05-27 15:04
    Severity
    N/A (UNKNOWN) - -
    Summary
    Yahoo! Browser vulnerable to address bar spoofing
    Details
    Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN#55074201. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000045.html",
      "dc:date": "2013-05-27T15:04+09:00",
      "dcterms:issued": "2013-05-27T15:04+09:00",
      "dcterms:modified": "2013-05-27T15:04+09:00",
      "description": "Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed.\r\nNote that this vulnerability is different from JVN#55074201.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000045.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:yahoo_japan_yahoo_browser",
        "@product": "Yahoo! Browser",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000045",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN31817913/index.html",
          "@id": "JVN#31817913",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2316",
          "@id": "CVE-2013-2316",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2316",
          "@id": "CVE-2013-2316",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Yahoo! Browser vulnerable to address bar spoofing"
    }

    JVNDB-2013-000037

    Vulnerability from jvndb - Published: 2013-04-26 15:50 - Updated:2013-04-26 15:50
    Severity
    N/A (UNKNOWN) - -
    Summary
    Yahoo! Browser vulnerable to address bar spoofing
    Details
    Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000037.html",
      "dc:date": "2013-04-26T15:50+09:00",
      "dcterms:issued": "2013-04-26T15:50+09:00",
      "dcterms:modified": "2013-04-26T15:50+09:00",
      "description": "Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000037.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:yahoo_japan_yahoo_browser",
        "@product": "Yahoo! Browser",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000037",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN55074201/",
          "@id": "JVN#55074201",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2307",
          "@id": "CVE-2013-2307",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2307",
          "@id": "CVE-2013-2307",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Yahoo! Browser vulnerable to address bar spoofing"
    }

    JVNDB-2012-000072

    Vulnerability from jvndb - Published: 2012-07-30 14:56 - Updated:2012-08-02 16:33
    Severity
    N/A (UNKNOWN) - -
    Summary
    Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
    Details
    Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered. Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000072.html",
      "dc:date": "2012-08-02T16:33+09:00",
      "dcterms:issued": "2012-07-30T14:56+09:00",
      "dcterms:modified": "2012-08-02T16:33+09:00",
      "description": "Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered.\r\n\r\nYahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000072.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:yahoo_japan_yahoo_toolbar",
        "@product": "Installer of Yahoo! Toolbar",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2012-000072",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN51769987/",
          "@id": "JVN#51769987",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2647",
          "@id": "CVE-2012-2647",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2647",
          "@id": "CVE-2012-2647",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration"
    }

    JVNDB-2012-000070

    Vulnerability from jvndb - Published: 2012-07-13 15:00 - Updated:2012-07-20 12:12
    Severity
    N/A (UNKNOWN) - -
    Summary
    Yahoo! Browser vulnerable in the WebView class
    Details
    Yahoo! Browser contains a vulnerability in the WebView class. Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000070.html",
      "dc:date": "2012-07-20T12:12+09:00",
      "dcterms:issued": "2012-07-13T15:00+09:00",
      "dcterms:modified": "2012-07-20T12:12+09:00",
      "description": "Yahoo! Browser contains a vulnerability in the WebView class.\r\n\r\nYahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000070.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:yahoo_japan_yahoo_browser",
        "@product": "Yahoo! Browser",
        "@vendor": "Yahoo Japan Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2012-000070",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN46088915/index.html",
          "@id": "JVN#46088915",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2645",
          "@id": "CVE-2012-2645",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2645",
          "@id": "CVE-2012-2645",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Yahoo! Browser vulnerable in the WebView class"
    }