An exploit selling for $700 may put millions of Yahoo Mail users at risk of having their e-mail account hijacked and their browsers redirected to malicious sites.
Marketed by an allegedly Egyptian hacker on a cybercrime forum, the exploit targets a cross-site scripting (XSS) vulnerability in Yahoo.com that allows attackers to steal and replace tracking cookies, as well as read and send e-mail from a victim's account. Typically, an attacker will encode a malicious link in e-mails; the script is executed when the unsuspecting recipient clicks on the link, allowing access to the cookies and other sensitive information.

The link for this article located at CNET is no longer available.