[Sosa]

So I'm checking my Yahoo web email when I get to a typical drug spam message. When I click on the "spam" button on top, it takes me to the drug website link! In fact, clicking anywhere in that tab in Safari does this! My other tabs were not affected.

Has Safari been cracked or is it Yahoo mail that's been affected?

I'll send you the spam email if you wish to check yourself.

[CubeWannaB]

I'd have to see it to be sure, but the javascript would have to be doing something to target the web site, not your browser. It may even be possible that they're using a high-level event-based attack that would work similarly for all web email.

That's the way I'd do it, anyway.

[Millennium]

I agree with CubeWannaB on this one. Most likely, what you're dealing with is a JavaScript-based attack on Yahoo Mail, not Safari. This same sort of attack will affect other browsers as well.