Yahoo fixes two flaws in mail system

By Robert Lemos
Staff Writer, CNET News

Post a comment

Related Stories: Filter flaw vexes Hotmail, Yahoo
March 23, 2004; Yahoo plugs IM security hole
December 5, 2003; Microsoft plugs second Passport hole
July 2, 2003; Yahoo Mail puts words in your mouth
July 17, 2002

Yahoo fixed two flaws in its free mail system that could have allowed a malicious user to read a victim's browser cookies and change the appearance of some pages, Yahoo said Thursday.

A representative of the company said the flaws were fixed last month by making changes on the company's Yahoo Mail servers.

"We were alerted of it at the end of May, early June," spokeswoman Mary Osako said. "There ended up being two variations of the issue: One which we could reproduce in a few days and the other which took a lot of effort to reproduce."

The vulnerabilities are of a type known as cross-site scripting flaws, which typically take advantage scripting languages and misconfigured Web servers to launch attacks against a user's computer. The attacks typically redirect the user to another Web site, allow access to the user's cookies or, sometimes, allow the attacker to run code on the victim's computer.

Yahoo fixed the flaws in its server code. No patch is required by the Yahoo Mail users.

Latest tech news headlines

Kerry, U.N.'s Ban upbeat on climate prospects
Posted in Green Tech by Reuters

November 10, 2009 5:44 PM PST
Will Craigslist drive scalpers out of business?
Posted in Digital Noise: Music and Tech by Matt Rosoff

November 10, 2009 5:44 PM PST
Sponge absorbs 180 times its weight (in toxic sludge)
Posted in Crave by John Herrman

November 10, 2009 5:37 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Yahoo (0.12%) 0.02 16.04; Dow Jones Industrials (0.20%) 20.03 10,246.97; S&P 500 (-0.01%) -0.07 1,093.01; NASDAQ (-0.14%) -2.98 2,151.08; CNET TECH (0.21%) 3.30 1,571.59

Inside CNET News

Scroll Left Scroll Right

Crave
Sponge absorbs 180 times its weight (in toxic sludge)
Researchers in China have adapted carbon nanotubes into a sponge-like material that can be squeezed dry and used to mop up oil spills.
Gallery
Images: Firefox through the ages
Digital Noise: Music and Tech
Create audio messages from song samples
Let Them Sing It For You is a Web app that lets you enter a text message, then splices the words together from pieces of songs it finds on the Web.
Beyond Binary
Microsoft moves MSN Video under Bing umbrella
The software maker said on Tuesday it is combining its video search and MSN content under the Bing brand.
Video
Exploratorium's shocking 40th anniversary kicks off
Digital Noise: Music and Tech
Will Craigslist drive scalpers out of business?
If I want good seats to a sold-out show, I wait until the last minute and buy via the Internet . How long before everybody else figures this out?
Video
A new workout for the Wii
The Social
A new set of rules for social games
Playfish's $300 million sale to Electronic Arts seems to spell good news for other makers of social-network games, but this is a fast-growing and messy niche filled with one plot twist after another.
Health Tech
New York hospital revives ailing computer network
St. Vincent's Medical Center switches to desktop virtualization and sees big savings in both staff time and electric bills.
Gallery
Photos: Top-rated reviews of the week
Dialed In Podcast
Prizefight: Motorola Droid vs. iPhone 3GS
A panel of judges from CNET.com take a look at the Motorola Droid and the iPhone 3GS to determine which is the better touch-screen smartphone.
Green Tech
Kerry, U.N.'s Ban upbeat on climate prospects
U.S. Senator John Kerry says he'll try to outline a compromise climate control bill, and U.N. Secretary-General Ban Ki-moon is upbeat on Washington's intentions.