Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Google closes Gmail cross-site scripting vulnerability

By Jeremy Kirk , IDG News Service , 01/02/2007
Newsletter Signup
  • Share/Email
  • Tweet This
  • Comment
  • Print

Google has fixed a flaw that would have allowed Web sites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e-mail addresses.

For an attack to work, a user would have to log into a Gmail account and then visit a Web site that incorporates JavaScript code designed to take contact information from Gmail.

Keeping It Simple: Sun's Pragmatic Approach to Identity Management: Download now

Proof-of-concept code was publicly posted.

The JavaScript code used a capability that Google used to integrate addressing with other services including its video download site and online office productivity suite.

Related Content

Google appears to have fixed the problem within 30 hours of being notified, wrote Haochi Chen, a blogger who tracks the company on his blog.

A Google spokeswoman in London confirmed Tuesday morning the problem was fixed.

The IDG News Service is a Network World affiliate.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comments (1)
Login
Forgot your account info?

Google closes Gmail cross-site scripting vulnerabilityBy Anonymous on January 3, 2007, 11:14 pmDAMN, 30 hours! It often takes Microsoft months! Dang it, which Linux are THEY going to endorse? :) Re: This article.

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed