A flaw that allowed JavaScript code to run when viewing a Gmail message has been patched by Google. The flaw could have allowed malicious code to gather email addresses or even compromise accounts. The vulnerability was discovered by "Anthony," a 14-year-old blogger. Anthony claims that he found the flaw while trying to email JavaScript code from his Yahoo account to his Gmail account.
"We learned of a minor security flaw in Gmail a little while ago and worked quickly to fix the problem, which has now been resolved," a Google spokeswoman said. "We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the vulnerability public."