Writing in his bog, which gives his age as 14, Anthony says the vulnerability could be used to gather email addresses. Or even possibly to compromise the account.More info can be found over atThe Inquirer.
He was attempting to mail some javascript code from his yahoo account to my gmail when he came across this vulnerability. Anthony noted that javascript will run if it is within the preview of the message.
It only works if you send mail from a yahoo account. If you attempt to send Javascript from gmail to gmail it gets filtered out.
Teenager finds critical hole in GMail
Posted on Thursday, March 02 2006 @ 21:27 CET by Thomas De Maesschalck