Nana NetLife Magazine (nana.co.il) reported a vulnerability in Google Gmail that was discovered by Israeli hacker Nir Goldshlagger.
A remote user can create a specially crafted link that, when loaded by the target user, will disclose the target user's cookie. With the target user's cookie, the remote user can then access the target user's account.
The report indicates that the specially crafted link points to the Gmail site.
No further details were provided.
Google has reportedly confirmed the flaw.
Galeon Browser Tabbed Browsing Errors Let Remote Users Spoof Sites
Juha-Matti Laurio reported a vulnerability in the tabbed browsing feature of the Galeon browser. A remote user may be able to spoof web page functions.
It is reported that when a target user has multiple tabs open, an inactive tab can issue a dialog box that will be displayed even though the target user is currently viewing a different tab. As a result, a remote user may be able to spoof functions on the web site in the active tab.
The vulnerability is due to a previously reported underlying flaw in the Mozilla Gecko engine, which is used by Galeon. Secunia Research reported the flaw in Mozilla.
A demonstration exploit is available at http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
The vendor was notified on October 26, 2004.