Yahoo, which was in the limelight for revealing a massive hack on its users earlier this year, has fixed a critical cross-site scripting (XSS) security flaw in its email system that would have allowed attackers to access any email. The flaw was discovered and reported by Finland-based security researcher Jouko Pynnonen who earned $10,000 for the feat from Yahoo's bug bounty programme.