
Serious problems in Yahoo!

"When the power of love overcomes the love of power, the world will know peace." Johnny Allen "Jimi" Hendrix (1942-1970), U.S. musician (On June 18, 1967, Hendrix burned his guitar on stage)

Madrid, June 18, 2007 – Following the two problems reported in Yahoo! Messenger, a flaw has been detected in the way Yahoo! handles cross-site scripting (XSS).

A proof of concept has been published showing that this error can be exploited to use Yahoo! Mail accounts fraudulently. An attacker could have complete access to a Yahoo! account simply by tricking the targeted user into clicking on a link.

Apart from reading emails, the attacker could obtain the entire address book, thereby getting valid email addresses to send spam to, and could send instant messages impersonating the legitimate user. Finally, they could use other Yahoo! services, such as Yahoo! Photos.

Oxygen3 recommends that you avoid clicking on suspicious links. As a general rule, you should access web pages by typing addresses directly into the browser instead of clicking on links.