Yahoo fixed a critical vulnerability in its Messenger desktop and Mail applications that could allow hackers to steal identities to gain access to users" private information. In a worst case scenario, the flaw enabled hackers to hijack users" sessions and infiltrate their private accounts, as well as overtake operations in Yahoo Mail, if it was exploited.
The cross site scripting vulnerability, which occurs between the interaction of the Yahoo Messenger desktop application and the Yahoo Messenger instant messaging client, was first detected May 23 by security researchers at Cenzic, a Santa Clara, Calif.-based security company.