CVE-2009-4127

Name of the Vulnerable Software and Affected Versions Wikipedia Toolbar extension versions prior to 0.5.9.2

Description The issue allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges. This is achieved via vectors involving unspecified Toolbar buttons and the eval function.

Recommendations For versions prior to 0.5.9.2, update to version 0.5.9.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of unspecified Toolbar buttons until a patch is available. Avoid using the eval function in the affected extension until the issue is resolved.