Thanks to member siddhs for the heads up on this.
Monday Symantec released an advisory concerning a vulnerability in Yahoo Mail that is currently being exploited by JS.Yamanner@m, a new worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts. At the time the advisory was issued there was no patch for the vulnerability, but by the end of the day Monday Yahoo said that it had a fix for the flaw and that very few of its customers had been affected. This vulnerability only exists in Yahoo Mail and does not affect users of the latest version of Yahoo Mail Beta.
View: Symantec Advisory
News source: ZDNet Asia