Cross-Site Scripting Vulnerability in Y! Toolbar for Firefox and Windows
CVE-2013-6853

Currently unrated

Key Information:

Vendor: Yahoo
Status: Toolbar
Vendor: CVE Published:; 26 January 2014

What is CVE-2013-6853?

The Y! Toolbar plugin for Firefox contains a cross-site scripting (XSS) vulnerability within the clickstream.js file. This flaw allows remote attackers to craft malicious URLs that, when accessed by a user, lead to the execution of arbitrary web scripts or HTML code. The affected versions for Mac and Windows can store these harmful scripts, ultimately compromising user security and privacy. This vulnerability underscores the importance of ensuring that plugins remain secure and updated to prevent exploitation.

References

http://www.securityfocus.com/bid/64971

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/124800/Y-Toolbar-Cro...

x_refsource_MISC

http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2014
Vulnerability Reserved
Nov 22, 2013

CVE-2013-6853 Data

JSON

Yahoo

What is CVE-2013-6853?

References

Timeline