この脆弱性は、フォームから入力されたツイートのエスケープ処理が不完全で、URLが自動リンクされる際に、a要素内に任意のHTMLオプションを埋め込むことができるもの。攻撃コードがonMouseOverイベントを利用していたため、「onMouseOver」問題と呼ばれている。 Twitterブログの事後説明 によると ...

Twitter.com was once again the brunt of a rapidly spreading worm after attackers exploited a vulnerability in "onMouseOver" JavaScript in order to bombard users with serial pop-ups and ...

The latest Twitter security exploit took advantage of the onMouseOver javascript code on the website, but it didn't appear to affect the third-party Twitter clients that many use to keep track of ...

Hopefully Twitter will shut down this loophole as soon as possible – disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk. Some users are also ...

The attack took advantage of the main Twitter’s web interface, which fails to disallow the ‘onMouseOver’ Javascript command.

Google is constantly combatting search engine spammers (I know some to do not like to be called this, so sorry). This past update, they began blocking an other type of spam named onmouseover ...

The massive Twitter "onMouseOver" attack on Tuesday may have been triggered by a Japanese hacker who claimed he wanted to expose a cross-site scripting flaw on the site.

Javascript command used to distribute malware. Australian teenager Pearce Delphin has been credited with discovering the onMouseOver scripting vulnerability that hit twitter.com last night.