Users shouldn't click on suspicious links, or any links to be sure
Yahoo Mail is apparently vulnerable to an XSS exploit which could leave users with compromised accounts or worse.The cross-site scripting vulnerability is at the DOM level and works in all major browsers, its creator claims. Yahoo is investigating the issue but hasn't said much else on the matter.
Regardless of how widespread the problem is, until Yahoo fixes it, users should take even more precautions than usual. All it takes to stay safe is not clicking on any link you seen in an email that seems strange, or not clicking on any link at all to be sure.
If you believe you've been the victim of the attack, change your password immediately. Yahoo should be fixing the issue soon, but in the meantime, it pays to play it safe.
UPDATE: Yahoo has fixed the vulnerability within a few hours of finding out about it.
"We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed," Yahoo explained.