Yahoo! fixes Web mail vuln
PrintFlawed script
Posted in Security, 11th December 2003 11:50 GMT
Free whitepaper – Vulnerability management buyer's checklist
Yahoo! has closed a potentially devastating security loophole in its popular Web-based email service.
The script execution vulnerability in the service could have allowed crackers to launch a worm or mobile code attacks using maliciously-constructed email messages.
Yahoo's active content filter is supposed to block the injection of any active content into Yahoo! messages but security firm Finjan Software found this safeguard was easily foiled. Web-based email services from Outblaze and Excite had the same problem.
All three services are now fixed, according to security clearing house CERT.
The flaw would have allowed an attacker to input malicious script into a seemingly normal e-mail message. Potential victims opening a malicious e-mail would be hit with a malicious code attack, providing scripting was enabled on their Web browser.
In addition to destroying files, malicious code attacks could be used to steal personal information.
More info on the malicious script execution security flaw can be found here. ®
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Enabling the Agile Data Center
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive