A Javascript filtering vulnerability was reported in Microsoft's Hotmail e-mail service. A remote user can craft an e-mail that contains malicious Javascript that may be executed automatically by the recipient's browser, potentially sending the recipient's Hotmail authentication cookies to the remote user.
It is reported that a remote user can embed Javascript in the 'from' address field, which Hotmail apparently does not filter.
At this time there is no solution.
Underlying OS: Linux (Any), MacOS, UNIX (Any), Windows (Any)
Reported By: ObLiviON
Full Version: Hotmail Vunerabiltiy
Okay riiiigghtt... so for those of us who speak plain english the translation would be what? 
Somebody could send you an email and say it is from [insert javascript here] and the person's browser will run the javascript. This could send some very sensitive info to the person who sent you that email.
Raven - Some more info in this article and in the links IN that article: http://www.vnunet.com/News/1125387 . Pete
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.