Yahoo fixes email hole

by admin August 18, 2006 at 1:29 am

Malicious HTML attachment could reveal recipient’s mail cookie

Yahoo has fixed a potential security flaw in its email service that could have allowed hackers to hijack Yahoo email accounts.

The problem was discovered earlier in August by Nir Goldshlager and Roni Bahar of Israeli security company Avnet.

The security hole required hackers to create an HTML attachment with different encoding schemes to bypass Yahoo Mail’s security filter and then execute JavaScript code to download the recipient’s mail cookie.

Once acquired, the cookie would provide access to the email session and hence the email inbox to read, send and delete emails.

Read more: