[Full-disclosure] Gmail XSS?

[Denzity]

There's reports of a gmail xss in the wild that will steal someone's contact
list and email if they website is visited while being logged in to gmail.

http://cyber-knowledge.net/blog/2007/01/01/gmail-vulnerable-to-contact-list-hijacking/

I can't find this on Bugtraq or any release. Anyone have any more info or a
PoC?

Thanks, Denzity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070101/6de0f9bd/attachment.html