Software developer James Slater says Twitter has yet to fix a cross-site scripting bug he disclosed yesterday, reports Computerworld. The vulnerability allows criminals to hijack accounts or redirect users to malicious Web sites. You don't even have to click on anything to be affected, says Slater.
"Simply by seeing one of these [malformed] tweets, code can be run inside your browser impersonating you and doing anything that your browser can do."
Until the bug is patched, Slater recommends that users ditch any followers they don't personally know or trust.