GMail Vulnerable To Contact List Hijacking

Anonymous Coward writes "By simply logging in to GMail and visiting a website, a malicious website can steal your contact list, and all their details. The problem occurs because Google stores the contact list data in a Javascript file. So far the attack only works on Firefox, and doesn't appear to work in Opera or Internet explorer 7. IE6 was un-tested as of now."

Re:Which is the problem?

[klept]

To Stalus or anyone else on Slashdot. I have a couple of questions that I would deeply appreciate if they could be answered. Ok this latest hack on gmail. Is it only your contact list that they recieve. Is nothing else hacked into like your inbox, messeges sent, etc? If so, I will be lmaf. Many of my contacts are programmers, and they will not take this spam hack lying down. If anyone can track these bozos they will, and they know how to retaliate lol. Second, an earlier story had about 60 gmail account files completely deleted. Is this part of the same hack or problem? Or is it a seperate incident and as Google claimed a glitch that has been fixed? Perhaps when they corrected the "glitch" they created a "issue", like a vulnerability that caused this contact hack? Any enlightnment would be greatly appreciated. Thank you.