Digit Technology Discussion Forum - View Single Post - 14 year old discovers Gmail vulnerability

shwetanshu · 02-03-2006, 08:38 PM

In a blog posting on blogspot a 14 year old kid named Anthony has discovered a Javascript Gmail vulnerability.

Anthony wrote "Apparently javascript will run if it is withing the preview of the message" meaning that hackers could grab email addresses or possibly steal cookies and compromise Google accounts. It's surprising that this vulnerability existed and who knows how long this has been a hole.

According to Anthony the Javascript he sent to himself was from a Yahoo account, emailing from Gmail to Gmail accounts filters the code out.

24 hours after Anthony discovered the issue Google have now fixed the problem but have not issued a statement regarding this latest privacy slip up.

http://www.neowin.net/index.php?act=view&id=32435

02-03-2006, 08:38 PM	#1 (permalink)
shwetanshu Wise Old Owl Join Date: Dec 2004 Location: New Delhi/Bangalore Posts: 1,087	14 year old discovers Gmail vulnerability In a blog posting on blogspot a 14 year old kid named Anthony has discovered a Javascript Gmail vulnerability. Anthony wrote "Apparently javascript will run if it is withing the preview of the message" meaning that hackers could grab email addresses or possibly steal cookies and compromise Google accounts. It's surprising that this vulnerability existed and who knows how long this has been a hole. According to Anthony the Javascript he sent to himself was from a Yahoo account, emailing from Gmail to Gmail accounts filters the code out. 24 hours after Anthony discovered the issue Google have now fixed the problem but have not issued a statement regarding this latest privacy slip up. http://www.neowin.net/index.php?act=view&id=32435