"Each of the discovered vulnerabilities allowed any @yahoo.com email account to be compromised simply by sending a specially crafted link to a logged-in Yahoo user and making him/her clicking on it."[1]
[1] https://www.htbridge.com/news/what_s_your_email_security_wor...