Yahoo Mail Bug Squashed By Cyber Security Flaw Bounty Hunter

Security researchers have uncovered a flaw in Yahoo Mail that would have enabled hackers to snoop on user’s emails or use the accounts to spread viruses to other people.

Yahoo’s HackerOne bug bounty program was responsible for surfacing flaw, which was spotted by Finnish white hat Jouko Pynnonen, who was awarded $10,000 (£7,947) for his efforts.

The email company moved quickly to squash the bug before it could cause havoc through the use XXS (cross-site scripting) attacks.

Yahoo Mail bug

Normally yahoo Mail filters messages in HTML format to spot any malicious code in order to block it before it passed through a user’s browser.

However, Pynnonen discovered that this barrier could be breached by with an email including a custom HTML link. Upon opening the email, the code would immediately activate JavaScript to render a share button in the email but with broken HTML pointing to a whitelisted site. This enabled the code to sneak past the Yahoo Mail filter.

“As long as the URL pointed to a white-listed website such as YouTube, it was not further sanity checked or encoded. The value was used as is for setting a div innerHTML to create the button,” explained Pynnonen.

Using this technique, more malicious code could be injected into the HTML and cause malware and viruses to be spread without the Yahoo Mail filter blocking them.

“I tried creating an email with “abusive” data-* attributes and bingo!, found a pathological case pretty quickly.” Added Pynnonen, noting the scope of the attack vector he discovered at the year anniversary of the Yahoo Mail bug that had allowed malicious JavaScript code to be stuck into carefully crafted emails.

What was particularly notable about the bug was that the embedded HTML link did not need to be clicked by a user for the JavaScript code to be executed. As such, this vector of cyber attack could catch out people who are more savvy to the danger of clicking on dodgy links in emails.

Luckily for Yahoo, this bug was spotted before it has had time to be rigorously exploited, as one major hack attack and data leak this year has already caused major problems for Yahoo.

Are you a security expert? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

3 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

3 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

3 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

4 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

4 days ago