Hey man, it is browser independent... but as you know, I like to squash F(***)irefox all the time. I did it. The game here is a cross-site scripting attack. What happens is that, in a tabbed-browsing enabled browser, a new tab, or even in old-fashioned browsers a child window of the current window, will inherit EVERYTHING from the parent, so it will have direct access to any SESSION your browser had with any WEB RESOURCE. In this case, Gmail, based heavily on AJAX, can be exploited easily if the person knows how to do CERTAIN things.
To reproduce this behavior:
1. Open your Gmail A/C.
2. Launch a new window from IE or open a tab.
3. Go to any Web site you like.
5. Instead of the login page, you will be taken to your A/C inbox.
6. NOW... think of a smart coder (naah.. not you.. :P) who, having somewhat knowledge of Gmail internals (not so big a deal if you have the time and dedication/passion to do something creative) and DHTML/AJAX (sigh...), can create a web page that directly calls Gmail AJAX-enabled methods to do SOME thing. So if you open your Gmail A/C and then his web page, his SOME thing will run in your A/C's context.
I hope the above explanation makes sense to most of the community members. If you want more information, please feel free to spam the community. :P
Also, to mitigate this behavior, ALWAYS copy the link whenever you get a mail that asks you to open some web page, and open it in a new window. I just said ALWAYS 'cause I DON'T trust known websites either.
<<ALL REPETITIVE CRAP REMOVED>>
Chinmay
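
Added example, not part of the original post and not Gmail's code: a server-side check that refuses state-changing requests which arrive with the shared session cookie but not from the application's own pages. The origin `https://mail.example`, the `x-csrf-token` header name and all sample values are assumptions constructed for illustration.

```javascript
// Added illustration (not from the original post). All names and values are constructed.
const ALLOWED_ORIGINS = new Set(['https://mail.example']); // hypothetical app origin
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']); // must never change state

// Compare two strings without stopping at the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// req: { method, headers } with lower-cased header names; session: { csrfToken }.
// The session cookie is NOT consulted here: every tab sends it automatically,
// so it identifies the user but says nothing about which page made the call.
function checkRequest(req, session) {
  if (SAFE_METHODS.has(req.method)) return { allowed: true, reason: 'safe method' };
  const origin = req.headers['origin'];
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { allowed: false, reason: 'foreign origin' };
  }
  // 'x-csrf-token' is a hypothetical header carrying a per-session secret that
  // only the application's own pages can read and echo back.
  if (!session || !constantTimeEqual(req.headers['x-csrf-token'], session.csrfToken)) {
    return { allowed: false, reason: 'missing or wrong token' };
  }
  return { allowed: true, reason: 'origin and token ok' };
}

// Constructed sample data: one logged-in session, three requests that all carry its cookie.
const session = { csrfToken: 'c0nstructed-sample-token' };
const cookie = 'sid=constructed-session-id';
const samples = {
  ownPage: { method: 'POST', headers: { cookie, origin: 'https://mail.example', 'x-csrf-token': 'c0nstructed-sample-token' } },
  otherTab: { method: 'POST', headers: { cookie, origin: 'https://other.example' } },
  noOriginNoToken: { method: 'POST', headers: { cookie } },
};

function runSamples() {
  const out = {};
  for (const [name, req] of Object.entries(samples)) out[name] = checkRequest(req, session);
  return out;
}

console.log(runSamples());
```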