XSS Flaw in Yahoo Mail Allows Attacking IM Users
According to the Researchers at Calif.-based security company Cenzic, Yahoo patched a critical security flaw on June 13, 2008 in its Mail applications and Messenger desktop that could allow malicious users to capture login credentials and obtain access to consumers' private information.
The security flaw, according to Mandeep Khera, Vice President of Marketing for Cenzic, had exposed millions of Yahoo users to possible identity thefts, as reported by MarketWire on June 25, 2008.
Further, according to the Researchers at Cenzic, in the worst case of exploitation, the vulnerability could allow hackers to compromise users' sessions and invade their accounts, and gain control over the operations in Yahoo Mail.
Meanwhile, the vulnerability in Yahoo, which is a cross-site scr...
» SPAMfighter News - 15-07-2008