[41377] in bugtraq
Re: XSS on Yahoo Mail
daemon@ATHENA.MIT.EDU (Lance James)
Mon Nov 28 14:55:33 2005
Message-ID: <438A4637.2080001@securescience.net>
Date: Sun, 27 Nov 2005 15:50:15 -0800
From: Lance James <lancej@securescience.net>
MIME-Version: 1.0
To: alireza hassani <trueend5@yahoo.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20051126180037.73924.qmail@web51009.mail.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
alireza hassani wrote:
>--- Will Wesley <willwesleyccna@yahoo.de> wrote:
>
>
>>Anyway, a solution is really quite simple.
>>Allow users to disable HTML in their email, or why
>>
>>
>not by >default?
>
>Don't you think this is not a real solution?
>User must be safe to use any option and also full
>performances.
>
>
This HTML stuff should be allowed, but controlled - similar to on blogs.
Unfortunately I have found very bad hole in the compose mail section of
yahoo when HTML is on, but that just means that they should filter
better for HTML features.
>Alireza Hassani (http://www.kapda.ir)
>
>
>
>
>__________________________________
>Yahoo! Music Unlimited
>Access over 1 million songs. Try it free.
>http://music.yahoo.com/unlimited/
>
>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!
