CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Yahoo Fixes Two Flaws In Mail System!   Logged in as: Guest
Viewers: 559 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Security News >> Yahoo Fixes Two Flaws In Mail System! Page: [1]
Login
Message << Older Topic   Newer Topic >>
Yahoo Fixes Two Flaws In Mail System! - 8/20/2004 7:06:40 AM   
SiliconFreak


Posts: 12103
Joined: 7/4/2003
From: Melbourne, Victoria, AUS
Status: offline
Yahoo fixed two flaws in its free mail system that could have allowed a malicious user to read a victim's browser cookies and change the appearance of some pages, Yahoo said Thursday in the US.

A representative of the company said the flaws were fixed last month by making changes on the company's Yahoo Mail servers.

"We were alerted of it at the end of May, early June," spokeswoman Mary Osako said. "There ended up being two variations of the issue: One which we could reproduce in a few days and the other which took a lot of effort to reproduce."

The vulnerabilities are of a type known as cross-site scripting flaws, which typically take advantage scripting languages and misconfigured Web servers to launch attacks against a user's computer. The attacks typically redirect the user to another Web site, allow access to the user's cookies or, sometimes, allow the attacker to run code on the victim's computer.

Yahoo fixed the flaws in its server code. No patch is required by the Yahoo Mail users.


Source : ZDNET
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Security News >> Yahoo Fixes Two Flaws In Mail System! Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.233