Skype Bug Lets Users Hijack Accounts

A remote exploit in the Skype application that allows account theft is `minor', because, ``as you can imagine, someone who you deal with frequently is probably unlikely to take advantage of this bug anyways.''<p>Give me a moment to collect my jaw from the floor.

My favorite part of this is that for some reason, the HTML document they're using to display (unsanitized) user details in the Skype application has a cookie set that contains the logged in user's login token. Why is that even necessary to display another user's profile?