Yahoo fixed an XSS flaw that allowed hackers to read any user’s email by simply sending a new email, according to news reports.
The bug, reported by a Finnish researcher, affected Yahoo’s email HTML filtering system. Yahoo filters HTML in messages to prevent malicious code from executing in the web browser. However, if you embedded a link to a reputable site, Yahoo wouldn’t pay much attention to it.
Using this insight, Jouko Pynnonen sent an email with different kinds of attachments to inspect the “raw” HTML of that email.
“As long as the URL pointed to a white-listed website such as YouTube, it was not further sanity checked or encoded,” a blog post detailing the research reads.
“The attack required the victim to view an email sent by the attacker,” the researcher says. “No further interaction (such as clicking on a link or opening an attachment) was required.”
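The filtering gap described above, sketched as an added example (this is not Yahoo's code or the researcher's): a renderer that trusts an allowlisted URL as-is, next to one that parses, checks the exact host and encodes before writing the attribute. The function names, the `<a class="card">` markup, the allowlist entries and the sample input are assumptions made for illustration.

```javascript
// Added illustration, not Yahoo's implementation. All names are hypothetical.
const ALLOWED_HOSTS = new Set(["www.youtube.com", "youtube.com"]); // assumed allowlist

// Constructed sample input: an allowlisted URL carrying a stray double quote.
const SAMPLE_URL = 'https://www.youtube.com/watch?v=x" data-extra="1';

// HTML-encode characters that can end or alter a quoted attribute value.
function escapeAttr(s) {
  return s.replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Weak pattern: the URL points at an allowlisted site, so it is copied
// into the markup with no further sanity check or encoding.
function renderLinkWeak(url) {
  if (!url.startsWith("https://www.youtube.com/")) return null;
  return `<a class="card" href="${url}"></a>`;
}

// Hardened pattern: parse the URL, require https and an exact host match,
// reject embedded credentials, re-serialize, then encode for the attribute.
function renderLinkSafe(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return null; // not a parseable absolute URL
  }
  if (u.protocol !== "https:" || !ALLOWED_HOSTS.has(u.hostname)) return null;
  if (u.username || u.password) return null;
  return `<a class="card" href="${escapeAttr(u.href)}"></a>`;
}

// Simple check for a filter test suite: the template itself contains exactly
// four double quotes, so any more means the URL escaped its attribute.
function quoteCount(html) {
  return (html.match(/"/g) || []).length;
}

console.log("weak:", renderLinkWeak(SAMPLE_URL), quoteCount(renderLinkWeak(SAMPLE_URL)));
console.log("safe:", renderLinkSafe(SAMPLE_URL), quoteCount(renderLinkSafe(SAMPLE_URL)));
```

In the weak output the quote in the URL closes `href` early and the rest is parsed as a separate attribute; the hardened output keeps the whole value inside `href`.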
The flaw was patched on Nov. 29 as a result of Yahoo’s bug bounty program, and the white hat hacker was rewarded with $10,000.
Last year, Jouko Pynnonen reported another serious Yahoo flaw that allowed an attacker to take over any user’s account by using an XSS vulnerability.