An exploit selling for $700 on an underground site might put millions of Yahoo Mail users in danger of having their e-mail accounts hijacked and their browsers redirected to malicious sites, most likely ones hosting exploit packs.
Marketed by an Egyptian hacker on an underground forum, the exploit targets a cross-site scripting (XSS) vulnerability in Yahoo.com that permits attackers to steal and replace tracking cookies, as well as read and send e-mail from a victim’s account.
Commonly, an attacker will embed a malicious link in e-mails; the script is executed when the unsuspecting recipient clicks on the link, giving the attacker access to the cookies and other sensitive information.