Hum,
this may affect some of the members here (oh, misses!)...
Yes, another severe security vulnerability...
Flaws in the filtering technology used by Web-based email services Yahoo and Hotmail, make it possible for hackers to smuggle viruses past defences.
this "severe security" vulnerability could allow attackers to run code of their choice, "simply by sending an email to an unsuspecting Hotmail or Yahoo! user". When the victim attempts to read this email, the code executes to potentially dire consequence (e.g. theft of the user's login and password, seizure of machines etc.). The problem stems from a Cross-Site Scripting vulnerability involving IE. To blame is a new way to embed script involving an IE technology called HTML+TIME (based on SMIL), which is meant to add timing and media synchronisation support to HTML pages.
BTW i`m testing Mozilla 1.7beta just now (er, it has only crashed twice in two days. but still worth a look in)
http://mozilla.org/releases/mozilla1.7b/P.S. NO FIX for vulnerability ISSUED YET....
