The problems continue for Gmail users. A vulnerability was found in the Gmail web based email application that allowed anyone to see a Gmail user’s contacts. The vulnerability came from the fact that apparently Gmail stores the users contacts in a JavaScript file. Any clever web hacker could steal this information as long as the user was logged into their Gmail account and visited a malicious site.

Gmail has had problems in the past with this sort of issue. Jeremiah Grossman discovered the issued and reported it to Google.

Both issues revolve around using JavaScript, the scripting language used in web pages, to make requests for data. If the request is made from the HTML within a Gmail message then the cookies used to authenticate a user to Gmail may be used to get information without the users permission.

The person who discovered the issue has reported the issue to the Gmail team. SlipperyBrick will keep you posted on the status of the security issue.