Google scrambles to plug Gmail hole

by admin March 4, 2006 at 9:51 am

JavaScript loophole fixed after blogger ‘accidentally stumbled’ on flaw

Google has plugged a vulnerability in its Gmail service that could allow an attacker to gather email addresses from a user’s account and possibly gain access to the account.

A blogger by the name of ‘Anthony’, who claims on his blog to be 14 years old, accidentally stumbled on the flaw when he was mailing some JavaScript to his Gmail account from an outside email address.

When he opened the message in Gmail, the service executed the script. ” Apparently JavaScript will run if it is within the preview of the message,” Anthony wrote on his blog.

Full story: