No New Gmail Scripting...
January 2007
Google closes Gmail cross_site scripting vulnerability.
Google Inc. has fixed a flaw that would have allowed Websites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e_mail addresses. For an attack to work, a user would have to log into a Gmail account and then visit a Website that incorporatesjava_script code designed to take contact information from Gmail. Proof_of_concept code was publicly posted.
Source: http://www.infoworld.com/article/07/01/02/HNgmailscripting_1 .html
Google closes Gmail cross_site scripting vulnerability.
Google Inc. has fixed a flaw that would have allowed Websites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e_mail addresses. For an attack to work, a user would have to log into a Gmail account and then visit a Website that incorporatesjava_script code designed to take contact information from Gmail. Proof_of_concept code was publicly posted.
Source: http://www.infoworld.com/article/07/01/02/HNgmailscripting_1 .html
posted by arkietechs at 6:19 AM
0 Comments:
Post a Comment
<< Home