Yahoo Web mail security flaw Fixed

Yahoo has fixed a security flaw in its free Web-based e-mail service that opened the door to phishing scams, account hijacks and other attacks.

The flaw, known as a cross-site scripting vulnerability, existed because Yahoo's Web site did not detect certain script tags in combination with certain special characters, according to SEC Consult, which issued an advisory on the flaw Friday. Yahoo fixes Web mail security flaw | CNET

Linked by shanmuga Friday, 21st October 2005 10:10PM