"Hours after Web analytics firm Netcraft (www.netcraft.com) announced a flaw on a Yahoo (www.yahoo.com) website used to steal users’ authentication cookies to gain access to Yahoo accounts, such as Yahoo Mail, the company blocked entry to hackers.
In an email message to theWHIR Monday, Yahoo’s HotJobs division
stated that the cross-site scripting vulnerability found on Sunday was
quickly fixed. "The team was made aware of this particular Cross-Site
Scripting issue yesterday morning (Sunday, October 26) and a fix was
deployed within a matter of hours," read the statement. "Yahoo
appreciates Netcraft’s assistance in identifying this issue."
According to a Sunday post from Netcraft,
"The attack exploits a cross-site scripting vulnerability on Yahoo’s
HotJobs site at hotjobs.yahoo.com, which currently allows the attacker
to inject obfuscated JavaScript into the affected page. The script
steals the authentication cookies that are sent for the yahoo.com
domain and passes them to a different website in the United States,
where the attacker is harvesting stolen authentication details."
Read More: http://www.thewhir.com/marketwatch/102808_Yahoo_Fixes_Security_Flaw_Quick.cfm