Search
Find a vulnerability
Search criteria
10 vulnerabilities by Yahoo Japan Corporation
CVE-2017-2253 (GCVE-0-2017-2253)
Vulnerability from nvd – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
VEX
Summary
Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN02852421/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Yahoo Japan Corporation | Installer of Yahoo! Toolbar (for Internet explorer) |
Affected:
v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55
|
Date Public
2017-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of Yahoo! Toolbar (for Internet explorer)",
"vendor": "Yahoo Japan Corporation",
"versions": [
{
"status": "affected",
"version": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
],
"datePublic": "2017-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Yahoo! Toolbar (for Internet explorer)",
"version": {
"version_data": [
{
"version_value": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
}
]
},
"vendor_name": "Yahoo Japan Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#02852421",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2253",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2253 (GCVE-0-2017-2253)
Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
EPSS
VEX
Summary
Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN02852421/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Yahoo Japan Corporation | Installer of Yahoo! Toolbar (for Internet explorer) |
Affected:
v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55
|
Date Public
2017-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of Yahoo! Toolbar (for Internet explorer)",
"vendor": "Yahoo Japan Corporation",
"versions": [
{
"status": "affected",
"version": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
],
"datePublic": "2017-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Yahoo! Toolbar (for Internet explorer)",
"version": {
"version_data": [
{
"version_value": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
}
]
},
"vendor_name": "Yahoo Japan Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#02852421",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2253",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2017-000173
Vulnerability from jvndb - Published: 2017-07-12 14:42 - Updated:2018-02-07 16:48
Severity
Summary
Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries
Details
Installer of Yahoo! Toolbar (for Internet explorer) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000173.html",
"dc:date": "2018-02-07T16:48+09:00",
"dcterms:issued": "2017-07-12T14:42+09:00",
"dcterms:modified": "2018-02-07T16:48+09:00",
"description": "Installer of Yahoo! Toolbar (for Internet explorer) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000173.html",
"sec:cpe": {
"#text": "cpe:/a:misc:yahoo_japan_yahoo_toolbar",
"@product": "Installer of Yahoo! Toolbar",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000173",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN02852421/index.html",
"@id": "JVN#02852421",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2253",
"@id": "CVE-2017-2253",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2253",
"@id": "CVE-2017-2253",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries"
}
JVNDB-2014-000116
Vulnerability from jvndb - Published: 2014-09-25 14:54 - Updated:2014-09-25 14:54Summary
Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Details
Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.
Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN.
JPCERT/CC coordinated with Yahoo Japan Corporation to publish this JVN advisory under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000116.html",
"dc:date": "2014-09-25T14:54+09:00",
"dcterms:issued": "2014-09-25T14:54+09:00",
"dcterms:modified": "2014-09-25T14:54+09:00",
"description": "Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.\r\n\r\nYahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN.\r\nJPCERT/CC coordinated with Yahoo Japan Corporation to publish this JVN advisory under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000116.html",
"sec:cpe": {
"#text": "cpe:/a:misc:yahoo_japan_yahoo_box_for_android",
"@product": "Yahoo! Japan Box for Android",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000116",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN48270605/index.html",
"@id": "JVN#48270605",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/vu/JVNVU90369988/index.html",
"@id": "JVNVU#90369988",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5881",
"@id": "CVE-2014-5881",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-5881",
"@id": "CVE-2014-5881",
"@source": "NVD"
},
{
"#text": "http://www.kb.cert.org/vuls/id/582497",
"@id": "VU#582497",
"@source": "CERT-VN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates"
}
JVNDB-2013-000079
Vulnerability from jvndb - Published: 2013-08-19 15:50 - Updated:2013-08-23 18:42Summary
Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
Details
Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.
Zachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000079.html",
"dc:date": "2013-08-23T18:42+09:00",
"dcterms:issued": "2013-08-19T15:50+09:00",
"dcterms:modified": "2013-08-23T18:42+09:00",
"description": "Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.\r\n\r\nZachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000079.html",
"sec:cpe": {
"#text": "cpe:/a:misc:japan_shopping",
"@product": "Yahoo! Japan Shopping",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000079",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75084836/index.html",
"@id": "JVN#75084836",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4700",
"@id": "CVE-2013-4700",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4700",
"@id": "CVE-2013-4700",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates"
}
JVNDB-2013-000078
Vulnerability from jvndb - Published: 2013-08-19 15:35 - Updated:2013-08-23 18:43Summary
Yafuoku! contains an issue where it fails to verify SSL server certificates
Details
Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.
Zachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000078.html",
"dc:date": "2013-08-23T18:43+09:00",
"dcterms:issued": "2013-08-19T15:35+09:00",
"dcterms:modified": "2013-08-23T18:43+09:00",
"description": "Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.\r\n\r\nZachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000078.html",
"sec:cpe": {
"#text": "cpe:/a:misc:yafuoku%21",
"@product": "Yafuoku!",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000078",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN68156832/index.html",
"@id": "JVN#68156832",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4699",
"@id": "CVE-2013-4699",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4699",
"@id": "CVE-2013-4699",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Yafuoku! contains an issue where it fails to verify SSL server certificates"
}
JVNDB-2013-000045
Vulnerability from jvndb - Published: 2013-05-27 15:04 - Updated:2013-05-27 15:04Summary
Yahoo! Browser vulnerable to address bar spoofing
Details
Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed.
Note that this vulnerability is different from JVN#55074201.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000045.html",
"dc:date": "2013-05-27T15:04+09:00",
"dcterms:issued": "2013-05-27T15:04+09:00",
"dcterms:modified": "2013-05-27T15:04+09:00",
"description": "Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed.\r\nNote that this vulnerability is different from JVN#55074201.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000045.html",
"sec:cpe": {
"#text": "cpe:/a:misc:yahoo_japan_yahoo_browser",
"@product": "Yahoo! Browser",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000045",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN31817913/index.html",
"@id": "JVN#31817913",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2316",
"@id": "CVE-2013-2316",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2316",
"@id": "CVE-2013-2316",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Yahoo! Browser vulnerable to address bar spoofing"
}
JVNDB-2013-000037
Vulnerability from jvndb - Published: 2013-04-26 15:50 - Updated:2013-04-26 15:50Summary
Yahoo! Browser vulnerable to address bar spoofing
Details
Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000037.html",
"dc:date": "2013-04-26T15:50+09:00",
"dcterms:issued": "2013-04-26T15:50+09:00",
"dcterms:modified": "2013-04-26T15:50+09:00",
"description": "Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000037.html",
"sec:cpe": {
"#text": "cpe:/a:misc:yahoo_japan_yahoo_browser",
"@product": "Yahoo! Browser",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000037",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55074201/",
"@id": "JVN#55074201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2307",
"@id": "CVE-2013-2307",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2307",
"@id": "CVE-2013-2307",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Yahoo! Browser vulnerable to address bar spoofing"
}
JVNDB-2012-000072
Vulnerability from jvndb - Published: 2012-07-30 14:56 - Updated:2012-08-02 16:33Summary
Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
Details
Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered.
Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000072.html",
"dc:date": "2012-08-02T16:33+09:00",
"dcterms:issued": "2012-07-30T14:56+09:00",
"dcterms:modified": "2012-08-02T16:33+09:00",
"description": "Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered.\r\n\r\nYahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000072.html",
"sec:cpe": {
"#text": "cpe:/a:misc:yahoo_japan_yahoo_toolbar",
"@product": "Installer of Yahoo! Toolbar",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000072",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN51769987/",
"@id": "JVN#51769987",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2647",
"@id": "CVE-2012-2647",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2647",
"@id": "CVE-2012-2647",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration"
}
JVNDB-2012-000070
Vulnerability from jvndb - Published: 2012-07-13 15:00 - Updated:2012-07-20 12:12Summary
Yahoo! Browser vulnerable in the WebView class
Details
Yahoo! Browser contains a vulnerability in the WebView class.
Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000070.html",
"dc:date": "2012-07-20T12:12+09:00",
"dcterms:issued": "2012-07-13T15:00+09:00",
"dcterms:modified": "2012-07-20T12:12+09:00",
"description": "Yahoo! Browser contains a vulnerability in the WebView class.\r\n\r\nYahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000070.html",
"sec:cpe": {
"#text": "cpe:/a:misc:yahoo_japan_yahoo_browser",
"@product": "Yahoo! Browser",
"@vendor": "Yahoo Japan Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000070",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN46088915/index.html",
"@id": "JVN#46088915",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2645",
"@id": "CVE-2012-2645",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2645",
"@id": "CVE-2012-2645",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Yahoo! Browser vulnerable in the WebView class"
}