Providing Free and Editor Tested Software Downloads

MajorGeeks.com - Because sometimes it is rocket science.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

4. Visual C++ Redistributable Runtimes AIO Repack

5. Visual C++ Runtime Installer (All-In-One)

6. McAfee Removal Tool (MCPR)

9. K-Lite Mega Codec Pack

10. Sergei Strelec's WinPE

How to Disable 1-Click Ordering on Amazon (and Avoid Surprise Charges)

How to Fix Shallow Paint Layer Depth in Bambu Studio

Aviator Betting Game Secrets: Unlock 97% RTP & Triple Your Wins

Windows Recall: What It Is, Why Hackers Will Love It, and How to Stay Safe

Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

How To Use VLC Media Player to Trim Video Clips

What Is the $WinREAgent Folder and Can I Delete It?

Swear Your Way to Better Search Results

How to Get a Dark Start Menu and Taskbar in Windows 10 & 11

Enable, Disable, Manage, Delete or Create a System Restore Point

Serious Flaw Found in Yahoo Mail

Posted by: Timothy Weaver on 01/20/2016 10:40 AM [ Comments ]

Yahoo mail had a serious cross-site scripting (XSS) vulnerability that affected more than 300 million email accounts globally. It was patched earlier this month, bagging a $10,000 bug bounty for the researcher who discovered it.

The flaw allowed malicious JavaScript code to be embedded in a specially formatted email message. The code would be automatically evaluated when the message was viewed. The JavaScript could be used to then compromise the account, change its settings, and forward or send email without the user's consent.

Jouko Pynnönen of Klikki Oy, Finland, explained: “Yahoo Mail displays HTML-formatted email messages after filtering any potentially malicious code. The problem lies in this process. Certain malformed HTML code could pass the filter.”

All versions of Yahoo mail were affected which is the second largest email service worldwide.

"We provided Yahoo with a proof of concept email that would forward the victim user's inbox to an external website, and an email virus which infects the Yahoo Mail account and attaches itself to all outgoing emails. The bug was fixed before any known exploits in the wild,” explained Pynnönen.

Source: InfoSecurity

Comments

comments powered by Disqus

© 2000-2025 MajorGeeks.com

Powered by Contentteller® Business Edition