Hey, don’t touch to my Gmail filters with XSRF

The good news are that Google has fixed a serious cross-site request forgery vulnerability in Gmail.

The exploitation technique was interesting – modifying Gmail’s Forwarding settings with JavaScript.

US-CERT Vulnerability Note VU#571584 is located here.

Share