January 14, 2005

Froogle Security Alert

Aviran Mordo is reporting a Serious flaw in Froogle Reveals Gmail Accounts.

"By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user’s Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user’s cookie, which contains personal information, such as purchase history, user name and password for Google services."

via WebmasterWorld: Major Froogle/Google/Groups/Gmail Security Bug found

Froogle Security Alert
Posted by Sean O'Rourke on January 14, 2005 at 11:46 AM
Archived at Froogle