Gmail Security Vulnerability
The problems surrounds Gmail users. A vulnerability was found in the Gmail web based email application that allowed anyone to see a Gmail user’s contacts. The vulnerability came from the fact that apparently Gmail stores the users contacts in a JavaScript file.
Any clever web hacker could steal this information as long as the user was logged into their Gmail account and visited a malicious site.Gmail has had problems in the past with this sort of issue. Jeremiah Grossman discovered the issued and reported it to Google.
Both issues revolve around using JavaScript, the scripting language used in web pages, to make requests for data. If the request is made from the HTML within a Gmail message then the cookies used to authenticate a user to Gmail may be used to get information without the users permission. The security vulnerability has been alerted to Gmail team and waiting for their response.
RSS
[...] Gmail Vulnerability May Still Exist Site NewsThis is a follow up to the previous post on the Gmail Contacts Exploit. [...]