n3td3v wrote:
Should the general public be expecting a disclosure of the
vulnerability to security mailing lists once a solution has been
implemented to patch the hole, so other web-based services are aware
of the possibility of the same problem being an issue for them, or
should gmail be keeping everything secret after they patch.
I'd be surprised if the vulnerability wasn't something already mentioned
on http://www.squarefree.com/securitytips/web-developers.html#XSS .
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
