Yahoo Pays Out $10,000 Bounty for Critical Mail Flaw

A researcher has earned $10,000 for finding a critical Yahoo! Mail vulnerability that could have been exploited simply by getting the targeted user to open a specially crafted email.

Nearly one year ago, Jouko Pynnönen of Finland-based software company Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in the web version of the Yahoo! Mail service that could have allowed an attacker to execute malicious JavaScript code hidden in emails.
