[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XSS on Yahoo Mail

To: alireza hassani <trueend5@xxxxxxxxx>
Subject: Re: XSS on Yahoo Mail
From: Lance James <lancej@xxxxxxxxxxxxxxxxx>
Date: Sun, 27 Nov 2005 15:50:15 -0800

alireza hassani wrote:

>--- Will Wesley <willwesleyccna@xxxxxxxx> wrote:
>  
>
>>Anyway, a solution is really quite simple.
>>Allow users to disable HTML in their email, or why
>>    
>>
>not by >default? 
>
>Don't you think this is not a real solution?
>User must be safe to use any option and also full
>performances.
>  
>

This HTML stuff should be allowed, but controlled - similar to on blogs.
Unfortunately I have found very bad hole in the compose mail section of
yahoo when HTML is on, but that just means that they should filter
better for HTML features.

>Alireza Hassani (http://www.kapda.ir)
>
>
>
>               
>__________________________________ 
>Yahoo! Music Unlimited 
>Access over 1 million songs. Try it free. 
>http://music.yahoo.com/unlimited/
>
>
>  
>


-- 
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!

References:
- Re: XSS on Yahoo Mail
  - From: alireza hassani

Prev by Date: APC Security Advisory - PowerChute Network Shutdown's Web Interface Only Supports HTTP
Next by Date: ZRCSA-200503 - ktools Buffer Overflow Vulnerability
Previous by thread: Re: XSS on Yahoo Mail
Next by thread: MDKSA-2005:215 - Updated binutils packages fix vulnerabilities
Index(es):
- Date
- Thread