Serious Gmail Vulnerability discovered

A serious Gmail security bug have been reported where anyone can access your contact list just visiting a malicious page. The Javascript have been made public probably for usage with Google Docs since the url is linked from there, but there was no security restriction on calling the script. Happy new Year Gmail !

</p> <p>function google(a){<br /> var emails;<br /> emails = “</p> <ol>”<br /> for(i=0;i<a.Body.Contacts.length;i++){<br /> mails += "</p> <li>“+a.Body.Contacts[i].Email+”</li> <p>“;<br /> }<br /> emails += “</ol> <p>”<br /> document.write(emails);<br /> }</p> <p>