Teenager finds critical hole in GMail

Posted on Thursday, March 02 2006 @ 21:27 CET by Thomas De Maesschalck
A 14 year old teenager found a critical hole in Google's free e-mail service:
Writing in his bog, which gives his age as 14, Anthony says the vulnerability could be used to gather email addresses. Or even possibly to compromise the account.

He was attempting to mail some javascript code from his yahoo account to my gmail when he came across this vulnerability. Anthony noted that javascript will run if it is within the preview of the message.

It only works if you send mail from a yahoo account. If you attempt to send Javascript from gmail to gmail it gets filtered out.
More info can be found over atThe Inquirer.

Loading Comments