Yahoo! fixes bug that gave free rein to user accounts
All hail the power of the XSS error!
Yahoo! has plugged a site-wide coding error that made it possible for miscreants to gain complete access to a user’s account simply by convincing the holder to click on a booby-trapped link.
The security defect is the latest to affect a large website, the kind of service that consumers and businesses increasingly entrust with a plethora of sensitive information, such as email, address books and calendar entries. Yahoo! patched the vulnerability, which was the result of a cross-site scripting (XSS) error, hours after the Net Cooties blog first reported it on Thursday.
Full story: theregister.co.uk