Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Computer Security News
Reload this Page Yahoo fixes email cross-site scripting flaw
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Computer Security News The Latest Computer Security News

Reply
 
LinkBack Thread Tools
Old 06-26-2008, 03:01 PM   #1 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,470
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Yahoo fixes email cross-site scripting flaw
Yahoo has fixed a vulnerability that could allow a hacker to get access to a person's webmail account.

The problem was in the way Yahoo's mail interacts with version 8.1.0.209 of its IM application, according to web application security company Cenzic.

Cenzic notified Yahoo of the problem in May, and the company has now fixed it.

If a hacker using the IM application starts chatting with a victim who is using the IM function of Yahoo's web email, a new chat tab is opened in the victim's web browser. The attacker can then manipulate his presence status message to send a malicious script via IM. That script would then be executed in the context of Yahoo's email service on the person's PC.

The script can reveal the victim's session ID to the attacker, who can then get access to information stored in that account, Cenzic said.

Cenzic classified the vulnerability as a cross-site scripting flaw, where scripts or commands from one web application that shouldn't run in another are successfully executed. Security experts contend that cross-site scripting vulnerabilities are rampant on websites, posing dangerous risks to web users.


http://www.techworld.com/security/ne...&NewsID=102019
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner
Glaswegian is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:37 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85