Few years ago, gaining exploits was available only in some underground forums or chat rooms. Today there are many forums to get them and some hackers sell their founding. Some of them they even advertise them in public. Like “TheHell” which is showing a Yahoo! mail exploit and says that it sells it for $700. It is a cross-site scripting (XSS) vulnerability and according to the hacker, it works on all the browsers. What it does, it steals the cookie from the victim. Don’t be afraid just yet, in order to work the attacker must send a link to his victim and the victim click on that link. Of course it is very easy to create a website, offer something for free and have this link instead. Yahoo! is aware of that and they are working on a fix, I hope soon.
You can buy a Yahoo mail exploit