Infosec researcher pockets $10,000 for his work
http://i1-news.softpedia-static.com/images/fitted/340x180/yahoo-fixes-bug-that-could-compromise-email-accounts-when-opening-an-email.jpg
Jan 19, 2016 10:08 GMT · By Catalin Cimpanu Yahoo! has fixed an XSS (cross-site scripting) bug that would have allowed attackers to fully compromise email accounts just by sending a malicious email. To have their account taken over, the victim would have only needed to open and view the email.
The researcher who discovered this security bug is Jouko Pynnönen, a Finish infosec professional.
According to Pynnönen, an attacker could craft malicious code that would exploit this XSS flaw and use it to "compromise the [victim's] account, change its settings, and forward or send email without the user's consent."
Full Article