Thought this might be of interest to the GMail users amongst us...
Quote:
Originally Posted by Security Dump
Source: http://www.securitydump.com/content142.html
A recently discovered vulnerability in Google Gmail allows automatic JavaScript execution when using the preview function.
While Google filters JavaScript sent among Gmail accounts, e-mail from outside accounts such as Yahoo! is not filtered.
Normally Gmail would quote the JavaScript code; however, if one includes a short amount of text in the subject and body of the message, then Gmail instead executes the code.
This vulnerability could be used to gather email addresses or compromise the viewer's Gmail account.