Twitter flaw allows websites to open on mouseover

UPDATE 4:48 pm: According to Twitter’s Safety Team leader Del Harvey, the flaw is now patched and no longer exploitable.

Twitter is known for its stability issues, but this is definitely the last straw. A security flaw in the application’s code is enabling third-party websites to publish tweets, open window messages and redirect you to other pages. The problem started to spread early this morning as apparently harmless, colorful tweets and has ended up rendering the Twitter website completely useless.

Twitter is broken

The flaw allows third-party websites to abuse the HTML “onmouseover” event attribute, which Twitter failed to strip from links in tweets, and run code on the Twitter website as soon as a user moves the mouse over a link. It is precisely this simplicity that is making the bug spread so fast, as the payload is automatically being copied and republished in status updates.
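The bug class above is a link being built from unescaped tweet text, so a quote in the text closes the href attribute and whatever follows becomes a new attribute. The following is an added example, not Twitter’s code, showing an unsafe renderer beside an escaped one and a check a test suite can run over rendered markup; the sample tweet text and function names are constructed for illustration.

```javascript
// Constructed sample input: a quote terminates the href value and the rest of
// the string is parsed as an inline event handler attribute.
const CONSTRUCTED_TWEET = 'http://example.invalid/"onmouseover="someHandler()"';

// Vulnerable rendering: raw string concatenation into the attribute.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Escape the characters that matter inside HTML text and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Hardened rendering: only http(s) URLs become links, and both the attribute
// value and the visible text are escaped, so a quote can no longer close the
// attribute and nothing after it is parsed as a new attribute.
function renderLinkSafe(url) {
  if (!/^https?:\/\//i.test(url)) {
    return escapeHtml(url);
  }
  const safe = escapeHtml(url);
  return '<a href="' + safe + '">' + safe + '</a>';
}

// Defensive check over rendered markup: an inline on*= handler attribute
// inside any tag is a red flag worth failing a build on.
function hasInlineHandler(html) {
  return /<[^>]*["'\s]on[a-z]+\s*=/i.test(html);
}
```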

The ‘onmouseover flaw’ is not really that dangerous in itself, but it could be potentially annoying, as it allows attackers to redirect Twitter users to other not-so-innocuous websites, as happened to Sarah Brown, wife of the former British Prime Minister.

For now, and until the Twitter team fixes this complete mess, the best you can do is stay away from the Twitter website and use a desktop client or your Twitter mobile app to follow your timeline. Also, avoid mousing over or clicking on any suspicious tweets displaying color text or weird source code.

