Yahoo Inc. has patched a hole in its Web e-mail service that could have allowed malicious hackers to run malicious computer scripts on computers that use Microsoft Corp.'s Internet Explorer Web browser to check Web e-mail accounts.
The company applied a fix for the vulnerability on Tuesday, shortly after Israeli security company GreyMagic Software published an advisory warning about the problem, which also affected Microsoft's Hotmail e-mail service.
Hotmail and Yahoo filter incoming HTML-format e-mail messages for malicious code. However, the filtering, combined with an Internet Explorer (IE) feature used to process extensions to HTML (Hypertext Markup Language) called HTML + TIME (Timed Interactive Multimedia Extensions), made it possible to inject malicious script into incoming e-mail messages, GreyMagic said.
http://www.infoworld.com/article/04/03/24/HNyahoopatch_1.html
Also in http://www.pcworld.com/news/article/0,aid,115360,00.asp
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
Yahoo patches e-mail hole
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic