
Yahoo moved to patch the flaw before the bug could cause chaos
Security researchers have uncovered a flaw in Yahoo Mail that would have enabled hackers to snoop on user's emails or use the accounts to spread viruses to other people.
Yahoo's HackerOne bug bounty program was responsible for surfacing the flaw, which was spotted by Finnish white hat Jouko Pynnonen, who was awarded $10,000 (£7,947) for his efforts.
Normally, Yahoo Mail filters messages in HTML format to spot any malicious code and block it before it passes through to a user's browser.
However, Pynnonen discovered that this barrier could be breached with an email including a custom HTML link.
When the email was opened, the code would immediately activate JavaScript to render a share button in the email, but with broken HTML pointing to a whitelisted site.