Twitter ‘onmouseover’ Security Flaw Hits Thousands of Users

Are you an avid Twitter user? You may be one of the thousands of users affected by the so-called ‘onmouseover’ security flaw.

Victims of this bug were directed to websites without their consent. Twitter recently posted the following statement on its status blog: “We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is.”

The bug opens pop-up windows and sites, including offensive and pornographic ones, when a user merely hovers the mouse over a link that has been tweeted. That is where the name ‘onmouseover’ comes from.

The bug relies on the JavaScript onMouseOver event handler, which runs a script when the user passes the cursor over an element such as a chunk of text.
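To show why a hover alone can trigger script, the following added example (not from the original article and not Twitter's code) renders the same constructed input with and without output encoding, then lists the event-handler attributes that end up in the markup. All function names, the `example.test` host and the `handler()` placeholder are assumptions made for illustration.

```javascript
// Added illustration: names and the sample input are constructed, not Twitter's code.
const SAMPLE_INPUT = 'http://example.test/" onmouseover="handler()';

// Vulnerable pattern: user text is concatenated straight into an attribute value,
// so a double quote in the input ends href and starts a new attribute.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: only http(s) input becomes a link, and it is encoded on output.
function renderLinkSafe(url) {
  const encoded = escapeHtml(url);
  if (!/^https?:\/\//i.test(url)) return encoded; // anything else stays plain text
  return '<a href="' + encoded + '" rel="nofollow noopener">' + encoded + '</a>';
}

// Review/test helper: names of on* event-handler attributes on tags in the markup.
function eventHandlerAttributes(html) {
  const found = [];
  for (const tag of html.match(/<[a-z][^>]*>/gi) || []) {
    const bare = tag.replace(/"[^"]*"|'[^']*'/g, '""'); // drop quoted attribute values
    for (const m of bare.matchAll(/\s(on[a-z]+)\s*=/gi)) found.push(m[1].toLowerCase());
  }
  return found;
}

console.log(eventHandlerAttributes(renderLinkUnsafe(SAMPLE_INPUT)));
console.log(eventHandlerAttributes(renderLinkSafe(SAMPLE_INPUT)));
```

In the encoded version the quote arrives as `&quot;` inside the `href` value, so the browser never sees a separate `onmouseover` attribute.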

At the moment, the flaw affects only Twitter’s web interface, and users are advised to use third-party apps such as TweetDeck, which has not been observed to be affected so far.

Mashable was able to contact a Twitter spokesperson about the matter, who said, “This should now be fully patched and is no longer exploitable.”

The picture shown above is an example of the “onmouseover” bug that has been spreading lately, as posted on Mashable. Stay watchful.

