Yahoo and Hotmail Filter Flaw
gandam writes "Israeli computer security firm GreyMagic Software has detected a serious security flaw in Yahoo's Web e-mail service and Microsoft Corp.'s Hotmail service, which could allow hackers to run malicious scripts on users' computers. I tried sending a mail to my Yahoo account and it never reached my mailbox. According to the website, all attempts to contact Yahoo unfortunately failed. Mail was sent to security and secure at yahoo.com and at yahoo-inc.com. No replies were received to date. Works only in IE5, though."
However, Hotmail completely filters out that element, so another method of namespace declaration is needed. It so happens that Internet Explorer provides one other mechanism to declare a namespace, via the non-standard <?xml:namespace> processing instruction, which may be used anywhere in the document and does not get filtered.
This sig is empty.
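For the filtering gap quoted in the comment above (one element is stripped, but the `<?xml:namespace>` processing instruction passes through), an added example that is not part of the thread or the advisory: an allowlist filter that re-emits only known-safe markup, so processing instructions and prefixed elements are dropped by default. The allowlist contents, the names `AllowlistFilter` and `sanitize`, and the sample input are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this sketch; a real webmail filter would tune it.
ALLOWED_TAGS = {"a", "b", "br", "em", "i", "p", "strong"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class AllowlistFilter(HTMLParser):
    """Re-emit allowlisted markup only; record everything that is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:      # includes prefixed names like x:widget
            self.dropped.append(f"tag:{tag}")
            return
        kept = ""
        for name, value in attrs:
            ok = (name in ALLOWED_ATTRS.get(tag, ()) and value is not None
                  and value.strip().lower().startswith(SAFE_SCHEMES))
            if ok:
                kept += f' {name}="{escape(value.strip())}"'
            else:
                self.dropped.append(f"attr:{tag}.{name}")
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))    # text is always re-escaped

    def handle_pi(self, data):           # e.g. <?xml:namespace ...>
        self.dropped.append("pi:" + (data.split() or ["?"])[0])

    # Comments and declarations fall through to HTMLParser's no-op defaults.

def sanitize(html_body):
    f = AllowlistFilter()
    f.feed(html_body)
    f.close()
    return "".join(f.out), f.dropped

# Constructed sample, not taken from the advisory.
SAMPLE = ('<?xml:namespace prefix="x">'
          '<p>Hello <x:widget style="y">there</x:widget> '
          '<a href="https://example.com/" onclick="z">link</a></p>')
```

The `dropped` list is worth logging: a processing instruction or prefixed element in inbound mail is a useful signal that someone is probing the filter.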
I just tried it on IE6, and it works there too - should have said "IE5 upwards", I suppose.
(For those who don't know, MS's versioning is so bizarre that IE5 and IE5.5 are different in more than minor version number, while IE6 is pretty much IE5.5.1. No, I don't understand either; but I'm always glad of a reminder of why I use a Mac these days :-)
Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
The reporter has it wrong.
ALL versions of IE *since* 5 contain this feature, which means that if there's a flaw in the filtering mechanism of the web-based email provider, script will run.
Yep, IE5, IE5.5 and IE6.
Sorry, but I'm not willing to get email with a service that supports the use of adware/scumware.