Twitter Explains This Morning's Glitch
Twitter has posted an official explanation of the “onMouseOver” security flaw that hit users of the Web site this morning and has since been resolved: “The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS)…In this case, users submitted javascript code as plain text into a Tweet that could be executed in the browser of another user.” Security team member Bob Lord said that the issue had been discovered and patched last month, but a recent site update resurfaced it.