GreyMagic Security Advisory GM#006-MC - GreyMagic discovered that by sending a maliciously formed email to a Yahoo user it is possible to circumvent the filter and execute script in the context of a logged-in Yahoo! user due to a cross site scripting flaw.
b68af6d21ce14685b4eb42ae8efb1c84859267ea5fe66cfc86989825728682c8