Twitter Javascript bug opens security hole to malware & ****
Shock, horror and redaction-themed confusion on Twitter this morning, as an apparent javascript hole has seen the short-messaging service overrun by black boxes which can spawn pop-up messages and even open new browser windows. The flaw has been exploited by various people, some for entertainment purposes such as changing colors, but others using it to redirect users to ****ographic sites and potentially malware-infested pages.

The current advice – until Twitter wakes up and fixes things – is to avoid clicking or mousing-over any of the blacked-out messages in your timeline. Alternatively, use a third-party Twitter app (or indeed one of Twitter’s official clients for mobile devices like the iPad or Android smartphones) or the m.twitter.com official mobile site, which do not appear to be suffering from the same issue.

Source: http://www.slashgear.com/twitter-jav...ages-21103461/
Another source: http://www.techradar.com/news/intern...ts-site-718293

---

I saw this happen on my friends timeline just a few minutes ago. If it happens to you, to further prevent others from hovering over the link, go to the mobile version of the page and delete the "retweet" from your page.

Edit
From Twitter's Status blog:
We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again when it is.

Update (6:50 PDT, 13:50 UTC): The exploit is fully patched.

OMG!!!It happened to me!!I tried to delete the retweet but it keeps coming back....I closed the tab without logging out of twitter because I paniced..

I'm scared. Is my computer infected now?

You can try going to the mobile version of the site (m.twitter.com) to delete that retweet but avoid the main site for now since there are reports that you don't even have to mouseover anything to make it work. The javascript link only opens up tabs and runs stuff on the twitter page, so there is a slim chance you could have gotten malware from one of the sites it opened up, if any. Just run a spyware/malware program sometime later to be safe.

I was like when i logged in.
Thanks God twitter is back now

Well, I didn't get any pop-ups or lead me to any sites....it just kinda blacked out,saying there's an error,retweet by mastsa,etc.

I went back and was able to log out safely though I'm trying to download tweetdeck right now

Good to hear that nothing popped up for you, other the error.
Yeah, I love TweetDeck. You can also delete your tweet from that desktop application

Is Twitter safe now? Lol

Security hole and **** in the same sentence?

http://status.twitter.com/post/11614...ed-and-patched
Yes, as safe as it can be, haha

Thanks, I would have been a mess if Twitter was unsafe to access all day.

I guess I'm stupid. I thought it those Mastsa RT only happened to me. I deleted my account fearing that I might spread the virus from my followers. Now I deactivated my account and lost all my followers. Silly me!