An Israeli security company is warning users of Yahoo’s Web e-mail service and Microsoft’s Hotmail service of a serious security flaw that could allow remote attackers to run malicious computer scripts on computers using Microsoft’s Internet Explorer Web browser to check Web e-mail accounts.The vulnerability was discovered in an Internet Explorer feature used to process extensions to HTML called HTML + TIME. The security hole could allow attackers to steal logon and password information, or browse the contents of an e-mail account, according to an advisory released by GreyMagic Software.The company tested the vulnerability against Yahoo and Hotmail, but it could affect other e-mail services, GreyMagic said.Microsoft was informed of the problem on March 11 and has already patched its Hotmail service against the hole. However, Yahoo users and other users of Web based e-mail services could be vulnerable to attack using the security hole, GreyMagic said. Yahoo could not be reached for comment.HTML + TIME, or Timed Interactive Multimedia Extensions for HTML, is a technology standard that adds support for media playback timing and Synchronized Multimedia Integration Language (SMIL) files to HTML. HTML + TIME is intended to make it easier to deliver multimedia content to Web browsers over the Internet, according to the World Wide Web Consortium. Hotmail and Yahoo filter incoming HTML-format e-mail messages for malicious code. However, the filtering, combined with support for HTML + TIME, makes it possible to use to inject malicious script into incoming e-mail messages, GreyMagic said.The script would be run when the Web e-mail message is opened and could be used to exploit the machine on which the Web mail was being read. However, the IE browser had to be used to check the Web mail account for the exploits to work, the company said.GreyMagic says the HTML + TIME vulnerability creates a new avenue for embedding malicious script in e-mail messages and may not be detected by other Web e-mail providers. Related content how-to Doing tricks on the Linux command line Linux tricks can make even the more complicated Linux commands easier, more fun and more rewarding. By Sandra Henry-Stocker Dec 08, 2023 5 mins Linux news TSMC bets on AI chips for revival of growth in semiconductor demand Executives at the chip manufacturer are still optimistic about the revenue potential of AI, as Nvidia and its partners say new GPUs have a lead time of up to 52 weeks. By Sam Reynolds Dec 08, 2023 3 mins CPUs and Processors Technology Industry news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Network Security Network Security Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe