ZDNet UK - Where Technology Means Business

ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

Yahoo mail flaws fixed

Published: 20 Aug 2004 09:05 BST

Yahoo fixed two flaws in its free mail system that could have allowed a malicious user to read a victim's browser cookies and change the appearance of some pages, Yahoo said on Thursday.

A representative of the company said the flaws were fixed last month by making changes on the company's Yahoo Mail servers.

"We were alerted of it at the end of May, early June," spokeswoman Mary Osako said. "There ended up being two variations of the issue: one which we could reproduce in a few days and the other which took a lot of effort to reproduce."

The vulnerabilities are of a type known as cross-site scripting flaws, which typically take advantage of scripting languages and misconfigured Web servers to launch attacks against a user's computer. The attacks typically redirect the user to another Web site, allow access to the user's cookies or, sometimes, allow the attacker to run code on the victim's computer.

Yahoo fixed the flaws in its server code. No patch is required by the Yahoo Mail users.

Did you find this article useful?
73 out of 139 people found this useful

In association with Intel

Full Talkback thread

2 comments

I am pleased to read that your problems have been... Richared Oblander
I wonder flaws have been fixed or rejuvinated, but... Anonymous

Related Links

News Acrobat flaw opens door to attack
News Google fixes security hole
News Yahoo site security issue addressed
News Scripting flaw hits Hotmail and Yahoo
News IE has another megapatch

Most Recent
Most Popular
Most Discussed

More In Security threats

Company/Topic Alerts

Create a new alert from the list below:

Related Jobs

Content Producer

Embedded Software Architect

Senior Bluetooth Embedded Software Engineer

Install Flash Player Plugin

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers

Skip Sub Navigation Links to CNET Brand Links

About CNET Networks UK

Copyright © 1995-2008 CNET Networks, Inc. All rights reserved