Google rushed to fix a minor glitch found in Gmail by a 14-year-old blogger calling himself Anthony. He was attempting to send JavaScript in an email from his Yahoo account to his Gmail account when he stumbled onto the vulnerability.
In a blog post at http://ph3rny.blogspot.com/2006/03/vulnerability-in-gmail.html, Anthony says that he only tested it from Yahoo to Gmail, since sending the mail within Gmail filtered this problem. "Apparently JavaScript will run if it is within the preview of the message," Anthony wrote.
"This is what the message has to compose of
· A short subject to increase the amount of code to run
· A short bit of text in the body so that the code isn't treated as quoted text
· And your code," he added.
Anthony felt that the flaw could be used to gather email addresses and thus compromise the account. But Google immediately fixed this flaw. "We learned of a minor security flaw in Gmail a little while ago and worked quickly to fix the problem, which has now been resolved," a representative for the Mountain View, California-based company said. He added that since it had been taken care of very rapidly, there was no question of exploiting it.
However, Google feels that users would be better off reporting to the company first rather than making such glitches public. "In the interest of minimizing the impact that security vulnerabilities have on our end users, we highly encourage anyone who discovers a vulnerability in a Google product or service to follow responsible disclosure policies by contacting us first at security@google.com," the company said in a statement.