Gmail Xss vulnerability can cause the user to be hijacking-vulnerability warning-the black bar safety net

ID MYHACK58:62201129620
Type myhack58
Reporter 佚名
Modified 2011-03-05T00:00:00


Brief description:

Google recently quietly fix the Gmail there is a seriousxssproblems that may lead to hijacking of user accounts Detailed description: <! DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "">

The problem exists in

var hc_page_info = "request";

Controllable, to meet the mhtml vulnerability of the Use Conditions! x

The successful implementation of javascript, you can of the gmail mailbox to perform any operation, prior to already have the corresponding number of case disclosures

< Vulnerability response Vendor response:

Failure to contact the vendors or manufacturers actively refused it