PT-2004-3367 · Google · Google Toolbar

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2475

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Google Toolbar version 2.0.114.1
Description: A cross-site scripting (XSS) issue may exist in about.html in the About section, potentially allowing remote attackers to inject arbitrary web script. However, the demonstration code uses the res:// protocol, which is not allowed in the Internet Zone, so it might not cross privilege boundaries; this might therefore not be a vulnerability.
Recommendations: For Google Toolbar version 2.0.114.1, consider avoiding the use of the About section until further clarification or a fix is provided. As a temporary workaround, restrict access to the about.html section to minimize potential risks. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2004-2475

Affected Products

Google Toolbar