Yahoo plugs hole that allowed hijacking of email accounts

Corrine · Feb 4, 2013

It was just about a month ago that Yahoo finally rolled out HTTPS for Yahoo Mail, a security feature that other major e-mail providers have long been providing.

Yahoo has now plugged a hole that allowed hijacking of email accounts. The hackers were using a piece of JavaScript code that was exploiting a cross-site scripting (XSS) vulnerability in the Yahoo Developer Network Blog site, resulting in stealing visitors' Yahoo session cookies.

The vulnerability was discovered by BitDefender who reported it to Yahoo. Additional information about the vulnerability and how it worked is available at Yahoo plugs hole that allowed hijacking of email accounts.

Search

Search

Yahoo plugs hole that allowed hijacking of email accounts

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Yahoo plugs hole that allowed hijacking of email accounts

Corrine

Administrator, Microsoft MVP, Security Analyst

Administrator,
Microsoft MVP,
Security Analyst