Mail Spammers Stopped
Google's popular Gmail e-mail service was fixed yesterday after a JavaScript vulnerability was reported that allowed a malicious website to view a user's contacts if the user was still logged in to Gmail.
This would have enabled a spammer to harvest e-mail addresses from the user. Many people stay logged in to Gmail because other Google services, such as the word processor and spreadsheet applications, can share the same login and password.
Proof-of-concept code was publicly posted, and Google appears to have fixed the problem within 30 hours of being notified, wrote Haochi Chen, a blogger who tracks the company. A Google spokeswoman in London confirmed to PCWORLD today that the problem was fixed.
Googlified, who discovered the vulnerability, said:
Last night, a story called "GMail Hacked: Visit ANY Website, and Your Whole Contact List Can be Stolen" got on Digg's home page, and about the same time, the story was picked up and submitted to Slashdot. This has grabbed Google's attention; later this morning, they issued a few fixes, but not enough, the bug can still be used by a malicious site.
Finally, about an hour ago or so, Google has patched the vulnerability, thoroughly, as far as I can tell. That's like thirty hours after I notified the Google Security team. It's New Year, people.
Well, the bug has been fixed.