Web-based Mail Threat Looms
A security company on Tuesday warned that a new threat exists for Web-based e-mail services such as Yahoo and Hotmail. Microsoft has patched its service, the researchers said.A security research and development company on Tuesday reported that a vulnerability in Web-based e-mail services could lead to the theft of password information as well as open a users machine to attack by worms or other threats. According to an alert issued Tuesday by Israel-based developer and security consultancy GreyMagic Software, a flaw in e-mail filtering software for both Yahoo Inc. and Microsoft Corp.s Hotmail Web-based e-mail services could result in the theft of login and password information; the disclosure of message contents in the users mailbox and contact file; and the exploitation of the users machine by an outside agent. GreyMagic said in its report, dubbed "Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo," that the intrusion mechanism was not limited to Hotmail and Yahoo and could apply to "other Web-based services that attempt to filter HTML input."
However, the company said Microsoft was alerted to the flaw and had fixed Hotmail earlier in the month. It had not been contacted by Yahoo about its service.