Yahoo fixes two flaws in mail system

Yahoo fixed two flaws in its free mail system that could have allowed a malicious user to read a victim's browser cookies and change the appearance of some pages, Yahoo said Thursday in the US.

A representative of the company said the flaws were fixed last month by making changes on the company's Yahoo Mail servers.

"We were alerted of it at the end of May, early June," spokeswoman Mary Osako said. "There ended up being two variations of the issue: One which we could reproduce in a few days and the other which took a lot of effort to reproduce."

The vulnerabilities are of a type known as cross-site scripting flaws, which typically take advantage scripting languages and misconfigured Web servers to launch attacks against a user's computer. The attacks typically redirect the user to another Web site, allow access to the user's cookies or, sometimes, allow the attacker to run code on the victim's computer.

Yahoo fixed the flaws in its server code. No patch is required by the Yahoo Mail users.

Advertisement

Print feature brought to you by Adobe

Talkback 0 comments

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Suzanne Tindal Sick of broken tender sites
    Some of the state governments desperately need to invest in more user-friendly tender sites so that looking for information on government tenders doesn't have to be a game of blind man's bluff.
  • Array Cyberwar: What is it good for?
    In this week's episode, Cyberwar. What is Australia's place in the world of digital warfare? What are the implications for the NBN?
  • Array Is wholesale-only backhaul just a pipedream?
    The potential acquisition of Pipe Networks by SP Telemedia has raised the question about whether vertically integrated backhaul providers will mean higher wholesale prices for ISP customers.
  • More blogs »

Tags

  1. 490 articles are tagged with 3g
  2. 43 articles are tagged with afact
  3. 1279 articles are tagged with apple
  4. 83 articles are tagged with asic
  5. 141 articles are tagged with ato
  6. 1308 articles are tagged with broadband
  7. 14 articles are tagged with cenitex
  8. 671 articles are tagged with cio
  9. 254 articles are tagged with conroy
  10. 393 articles are tagged with copyright
  11. 319 articles are tagged with court
  12. 47 articles are tagged with david thodey
  13. 156 articles are tagged with exchange
  14. 152 articles are tagged with firewall
  15. 1039 articles are tagged with government
  16. 790 articles are tagged with hp
  17. 1306 articles are tagged with ibm
  18. 224 articles are tagged with iinet
  19. 353 articles are tagged with iphone
  20. 289 articles are tagged with isp
  21. 7 articles are tagged with jodee rich
  22. 11 articles are tagged with kim carr
  23. 36 articles are tagged with michael malone
  24. 1484 articles are tagged with microsoft
  25. 36 articles are tagged with mike quigley
  26. 1127 articles are tagged with mobile
  27. 220 articles are tagged with national broadband network
  28. 400 articles are tagged with nbn
  29. 202 articles are tagged with new zealand
  30. 198 articles are tagged with nsw
  31. 61 articles are tagged with one.tel
  32. 930 articles are tagged with open source
  33. 885 articles are tagged with optus
  34. 16 articles are tagged with pdc
  35. 173 articles are tagged with queensland
  36. 2653 articles are tagged with security
  37. 70 articles are tagged with separation
  38. 10 articles are tagged with sp telemedia
  39. 180 articles are tagged with stephen conroy
  40. 656 articles are tagged with sun
  41. 85 articles are tagged with supercomputer
  42. 177 articles are tagged with sydney
  43. 232 articles are tagged with telco
  44. 61 articles are tagged with telecom nz
  45. 2447 articles are tagged with telstra
  46. 140 articles are tagged with tender
  47. 25 articles are tagged with thodey
  48. 32 articles are tagged with tpg
  49. 177 articles are tagged with victoria
  50. 79 articles are tagged with wholesale

Back to top

Featured