Slashdot Mirror


GMail Vulnerable To Contact List Hijacking

Anonymous Coward writes "By simply logging in to GMail and visiting a website, a malicious website can steal your contact list, and all their details. The problem occurs because Google stores the contact list data in a JavaScript file. So far the attack only works on Firefox, and doesn't appear to work in Opera or Internet Explorer 7. IE6 was untested as of now."

2 of 139 comments

  1. Submitter has a problem with Firefox? by CTho9305 · Score: 5, Informative

    RTFA:
    I've tried the hack on IE7, Opera, and Firefox; it appears to be working on all three.

    Does the submitter have some agenda against Firefox?

  2. Conceptual problem by JackHoffman · Score: 5, Informative

    Loading script files to exchange data with the server is a very common mechanism. It even has a name: JSON. It wouldn't surprise me to find that there are many more web applications which could be exploited in this way. This isn't a browser vulnerability or a simple bug. It is a design flaw of a widely used communication protocol.
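
The design issue discussed in this thread, shown as an added example that is not part of the original page or of any site's real code: a data response that is also a valid script, beside a hardened form that is not. The function names, the `contactsLoaded` callback, the `X-Requested-With` check and the sample contact are all assumptions made for illustration.

```javascript
// Constructed sample data, not real contacts.
const CONTACTS = [{ name: 'Alice Example', email: 'alice@example.test' }];

// Weak form: the body is executable JavaScript, so it still "works" when a
// page on another origin pulls it in with a <script> tag and cookies attached.
function weakResponse() {
  return {
    status: 200,
    headers: { 'Content-Type': 'text/javascript' },
    body: `contactsLoaded(${JSON.stringify(CONTACTS)});`,
  };
}

// Hardened form: (1) require a custom header, which a cross-site <script>
// tag cannot send, (2) serve strict JSON with nosniff, (3) prepend a prefix
// that makes the body a syntax error if it is ever evaluated as a script.
const PREFIX = ")]}',\n";
function hardenedResponse(req) {
  if (req.headers['x-requested-with'] !== 'XMLHttpRequest') {
    return { status: 403, headers: { 'Content-Type': 'text/plain' }, body: '' };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: PREFIX + JSON.stringify(CONTACTS),
  };
}

// The site's own client strips the prefix before parsing.
function parseHardened(body) {
  if (!body.startsWith(PREFIX)) throw new Error('missing anti-script prefix');
  return JSON.parse(body.slice(PREFIX.length));
}

// Regression check: does the body hand data to a page-defined function when
// evaluated as code? (new Function stands in for <script> inclusion here.)
function runsAsScript(body) {
  let received = null;
  try {
    new Function('contactsLoaded', body)((data) => { received = data; });
  } catch (err) {
    return false; // body is not valid script, nothing is delivered
  }
  return received !== null;
}
```

A check like `runsAsScript` fits in a test suite for every authenticated endpoint that returns user data, so a response that is accidentally executable is caught before release.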