Security flaw discovered in Gmail email service
…Google patches it quickly
A 14-year-old discovered a flaw in the Gmail email service that caused a bit of a stir in the security community yesterday. He discovered this flaw by sending an email from his Yahoo account to his Gmail account with a piece of JavaScript code in the subject line.
He states in his blog, “Apparently JavaScript will run if it is within the preview of the message.” This would mean that if you put the code into the subject line or the first few lines of the body of the email, the code would run because it was “visible” in message preview mode.
He elaborates further by stating that this problem does not occur when a message is constructed and sent from one Gmail account to another because Gmail filters out the code when you send the message.
Google confirmed the flaw in an email to security companies shortly after the flaw was patched – approximately 3 hours after the blog posting went up.
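The gap between filtering on send and encoding at display, shown as an added example that is not from the blog post or from Google's code. The function names, the tag-stripping filter and the sample messages are assumptions made for illustration.

```javascript
// Added example: a hypothetical webmail preview pane, not Gmail's actual code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Simplified stand-in for a filter applied only to mail composed inside the service.
function filterOnSend(msg) {
  const strip = (s) => s.replace(/<[^>]*>/g, '');
  return { subject: strip(msg.subject), body: strip(msg.body) };
}

// The preview shows the subject plus the first few characters of the body.
function snippet(body, max = 40) {
  return body.length > max ? body.slice(0, max) + '...' : body;
}

// Unsafe: stored fields go into the markup as-is, so safety depends on
// every message having passed through filterOnSend first.
function renderPreviewUnsafe(msg) {
  return `<li><b>${msg.subject}</b> ${snippet(msg.body)}</li>`;
}

// Safe: truncate first, then encode at output, whichever path the mail took.
function renderPreviewSafe(msg) {
  return `<li><b>${escapeHtml(msg.subject)}</b> ${escapeHtml(snippet(msg.body))}</li>`;
}

// Constructed sample messages.
const composed = { subject: '<script>alert(1)</script>Hi', body: 'Lunch?' };
const internal = filterOnSend(composed); // sent from inside the service
const external = composed;               // arrived from another provider, never filtered

console.log(renderPreviewUnsafe(internal)); // markup removed by the send-time filter
console.log(renderPreviewUnsafe(external)); // script element reaches the page intact
console.log(renderPreviewSafe(external));   // script shown as inert text
```

Encoding in the renderer covers both arrival paths, which a send-time filter alone cannot do.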