Yahoo has reportedly fixed yet another XSS vulnerability in their email service, one which allowed an attacker to read anyone's email without the benefit of login credentials. (archived) The company reportedly paid security researcher Jouko Pynnonen a mere 10,000 US dollars for reporting the bug privately, instead of following the path of Peace and releasing the lulz on the internet at large. The news comes on the heels of Yahoo revealing earlier this year a breach that occurred in 2014 that compromised half a billion user account credentials.