scoutt
09-28-2007, 07:18 PM
(September 27, 2007)
Google has fixed a cross-site scripting flaw that could be exploited to
steal Gmail contacts and incoming mail. The exploit would require the
targeted individual to be logged in to Gmail and to click on a
maliciously crafted link. At that point, the attacker would have
control of Gmail session cookies. To protect their systems from
attacks, users could access Gmail through Firefox with JavaScript
disabled.
http://www.news.com/2102-1002_3-6210353.html?tag=st.util.print
http://www.itweek.co.uk/vnunet/news/2199803/gmail-flaw-puts-inbox-risk
Google has fixed a cross-site scripting flaw that could be exploited to
steal Gmail contacts and incoming mail. The exploit would require the
targeted individual to be logged in to Gmail and to click on a
maliciously crafted link. At that point, the attacker would have
control of Gmail session cookies. To protect their systems from
attacks, users could access Gmail through Firefox with JavaScript
disabled.
http://www.news.com/2102-1002_3-6210353.html?tag=st.util.print
http://www.itweek.co.uk/vnunet/news/2199803/gmail-flaw-puts-inbox-risk