Google Patches Gmail hole

It appears that Google has fixed a bug in Gmail that would allow a cross-site scripting attack. If a user logged on to Gmail, using their browser, and then later visited a malicious website (without logging out of Gmail), the attackers may have been able to steal all the email addresses from the Contacts list. There have been conflicting reports on how rapidly, and how completely, Google fixed this bug. Network World has the report as of 1/2/07 at http://www.networkworld.com/news/2007/010207-google-closes-gmail-cross-site-scripting.html