An interesting cross-site scripting (XSS) vulnerability found in the Google Spreadsheets service would have allowed attackers to gain unauthorised access to other Google services, including Gmail and Google Docs.
The vulnerability was discovered by security engineer Billy Rios, and takes advantage of nuances in the way Internet Explorer handles Content-Types for webpages.
Rios points out that Google cookies are valid for all google.com sub domains. This means that when a user logs in to Gmail, the Gmail cookie is also valid for other Google services, such as Google Code, Google Docs, Google Spreadsheets, and more. Cross-site scripting vulnerabilities in any of these sub domains can allow an attacker to hijack a user’s session and access other Google services as if they were that user.
Google has fixed the vulnerability discovered by Rios and there have been no reports of the vulnerability being exploited by attackers.