Slashdot Mirror


Yahoo Fixes Bug That Could Compromise Email Accounts When Opening an Email (klikki.fi)

An anonymous reader writes: Yahoo! has fixed a cross-site scripting bug that would have allowed attackers to fully compromise email accounts just by sending a malicious email. To lose control over their accounts, victims needed only to open the email. The researcher who discovered the bug said, "The code would be automatically evaluated when the message was viewed. ... We provided Yahoo with a proof of concept email that would forward the victim user's inbox to an external website, and an email virus which infects the Yahoo Mail account and attaches itself to all outgoing emails. The bug was fixed before any known exploits 'in the wild.'" Yahoo!'s bounty program awarded $10,000 for the research.

1 of 37 comments

  1. Re:Why bother? by phishybongwaters · Score: 5, Insightful

    Because not all of the skilled and talented people out there are asshats willing to sell out security to make a quick buck?