"This attack can be used to hijack Gmail/ Google doc cookies efficiently if certain conditions are met. The Google docs are an integrated service provided by Google for online viewing the document. A user logged in to Gmail will have the same cookie used for if any document. The interdependency can be exploited through this attack vector."
http://secniche.org/gmd_hijack/gc_hijack.xhtml
The issues were solved by Google in 5 days. |
It is nice to notice that this cookie issue and this recent issue http://blogoscoped.com/forum/154518.html
were reported to Google in responsible way. |
Juha, but that has been fixed too.. Google Security Team propgated the fix on 05/07..! |