According to public reports, Google Gmail contained a cross-site request forgery (XSRF) vulnerability that allowed attackers to create email filters that could forward mail and attachments to arbitrary email addresses.
Google Gmail is a web-based mail service. Gmail provides support for email filters that allow users to sort and forward mail.
According to a report on the GNUCITIZEN site, Gmail contained a cross-site request forgery (XSRF) vulnerability that allowed attackers to create mail filters and forward mail to arbitrary email addresses. To exploit this vulnerability, an attacker would have had to convince a user to click or open a specially crafted hyperlink while the user was logged into their Gmail account. The hyperlink would have contained an HTTP POST request that created the mail filter.
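A forged request of this kind succeeds when the server treats the session cookie as sufficient proof that the user intended the action. The sketch below is an added example, not code from Google or from the GNUCITIZEN report: a hypothetical filter-creation handler (all function names, the origin and the sample requests are constructed) that also requires a session-bound token and checks the Origin header.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://mail.example.test"  # placeholder origin, not Gmail's


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded only in pages the site serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def create_filter(request: dict, filters: list) -> tuple:
    """Handle a POST that adds a forwarding filter; returns (status, reason)."""
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "not logged in"
    # The cookie alone proves nothing: the browser attaches it to cross-site
    # requests too. Require evidence that the request came from our own page.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403, "cross-origin request"
    supplied = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    filters.append({"forward_to": request["form"]["forward_to"]})
    return 200, "filter created"


def demo() -> tuple:
    """Run three constructed requests; returns (statuses, stored filters)."""
    filters, session = [], "constructed-session-id"
    # Triggered from another site: cookie present, no token.
    forged = {"cookies": {"session": session},
              "headers": {"Origin": "https://other.example.test"},
              "form": {"forward_to": "someone@other.example.test"}}
    # Same request when the Origin header is absent: the token check decides.
    forged_no_origin = {"cookies": {"session": session}, "headers": {},
                        "form": {"forward_to": "someone@other.example.test"}}
    # Sent from the site's own settings page, carrying the token.
    legit = {"cookies": {"session": session},
             "headers": {"Origin": TRUSTED_ORIGIN},
             "form": {"forward_to": "me@example.test",
                      "csrf_token": issue_csrf_token(session)}}
    statuses = [create_filter(r, filters)[0]
                for r in (forged, forged_no_origin, legit)]
    return statuses, filters
```

Only the request carrying the session-bound token results in a stored filter; both cross-site requests are rejected even though they carry a valid session cookie.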
Workarounds for Users
Using Gmail's SMTP and POP servers to send and receive mail will mitigate vulnerabilities in the Gmail web interface.
Encrypting sensitive emails and attachments will limit the impact of XSRF or other authentication bypass vulnerabilities.
Original Report:
From GNUCITIZEN: Google GMail E-mail Hijack Technique