Gmail's newly discovered hole... by a 14yrs old kid

A 14 year-old kid known only to the outside world as Anthony has revealed that Gmail has a critical hole.

Writing in his bog, which gives his age as 14, Anthony says the vulnerability could be used to gather email addresses. Or even possibly to compromise the account.

He was attempting to mail some javascript code from his yahoo account to my gmail when he came across this vulnerability. Anthony noted that javascript will run if it is within the preview of the message.

It only works if you send mail from a yahoo account. If you attempt to send Javascript from gmail to gmail it gets filtered out.

All you need to do is have a message has to compose of a short subject to increase the ammount of code to run and a a short bit of text in the body so that the code isn't treated as quoted text.