The vulnerability enabled the worm, called Yamanner to infect a computer and proliferate via its email address book to other Yahoo Mail users merely by opening the email message.
Yamanner exploits a vulnerability that enables scripts embedded in HTML e-mails to be run by the user's browser. Yahoo Mail normally blocks JavaScript programs but there was one script it allowed which concerned uploading images in emails to the server. Yamanner substituted its own JavaScript code for the image handling script.
The Yahoo Mail vulnerability and its relation to JavaScript has raised the issue over security related to the provision of web services that use JavaScript.
Yahoo, Google and other companies have already released products to the market based on the current web services technology flavour of the month AJAX (Asynchronous JavaScript And XML).
