Symantec on Monday noted <A HREF="http://www.cio.com/blog_view.html?CID=21995">a new JavaScript worm</A> that exploits an unpatched vulnerability in Yahoo Web mail. This vulnerability enables scripts embedded in HTML e-mails to be run by the user's browser, which are normally blocked by Yahoo Mail for security reasons. The worm, JS.Yamanner@m, spreads from person to person when the user opens the e-mail that is originally sent by the worm. The worm then sends itself to the user's contacts that also use Yahoo Mail, while simultaneously sending those e-mail addresses to a remote server on the Internet.