Twitter ‘onmouseover’ security flaw widely exploited

Twitter, which recently rolled out a complete redesign to its users (still in the rollout phase), has been hit by a new XSS bug.

Simply hovering the mouse over a link in a tweet, without even clicking it, can redirect you to an arbitrary website (spammers are currently using this to redirect visitors to pornographic and gaming websites)!

Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister.

Twitter says that it is aware of the problem and hopes to roll out a patch soon.

This bug is triggered using simple JavaScript. cosmoGeek is not interested in the details of how to reproduce it; for now, I suggest not using the official Twitter web interface.
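As an added illustration from the defender's side (this is not code from the original post or from Twitter), the snippet below shows the bug class at its root, an unescaped link inside an HTML attribute, beside a hardened renderer that encodes the value and validates the scheme; the renderer functions, the attribute checker and the sample tweet link are all constructed for this example.

```javascript
// Constructed sample: a "link" whose text carries a quote and an attribute name.
// A defender's regression fixture, not real tweet content.
const SAMPLE_TWEET_LINK = 'http://example.com/" onmouseover="x"';

const ATTR_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that could end an attribute value or open a tag.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ATTR_ESCAPES[c]);
}

// Only http(s) URLs may become links; other schemes stay plain text.
function isSafeUrl(u) {
  try {
    const p = new URL(u).protocol;
    return p === 'http:' || p === 'https:';
  } catch {
    return false;
  }
}

// Vulnerable pattern (hypothetical): raw text interpolated into the href attribute,
// so a quote in the text terminates the value and further attributes follow.
function renderLinkUnsafe(url) {
  return `<a href="${url}">${url}</a>`;
}

// Hardened pattern: validate the scheme, then escape for both attribute and text context.
function renderLinkSafe(url) {
  if (!isSafeUrl(url)) return escapeHtml(url);
  const e = escapeHtml(url);
  return `<a href="${e}" rel="noopener noreferrer">${e}</a>`;
}

// Test helper: list the attribute names actually present on the rendered <a> tag.
// A correct renderer emits exactly the attributes it intended and nothing else.
function attributeNames(html) {
  const m = /^<a\s+([^>]*)>/.exec(html);
  if (!m) return [];
  const names = [];
  const re = /([a-zA-Z-]+)="[^"]*"/g;
  let a;
  while ((a = re.exec(m[1])) !== null) names.push(a[1].toLowerCase());
  return names;
}

// Convenience for a test suite: does the rendered tag carry any on* handler?
function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith('on'));
}
```

A unit test that feeds `SAMPLE_TWEET_LINK` through the renderer and asserts `hasEventHandler` is false is the kind of check that catches this bug class before deployment.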