Published On: Wed, Sep 22nd, 2010

Security Flaw in Twitter's Micro-Blogging Service Caused by Cross-Site Scripting


SAN FRANCISCO – On Tuesday the micro-blogging service Twitter said it had fixed a security flaw that allowed messages to pop up and third-party websites to open whenever users moved their mouse over a link. Twitter said it had resolved nearly all of the issues after being notified of the exploit early Tuesday morning.

The breach was caused by cross-site scripting, the practice of injecting code from an untrusted source into another website. Twitter said in a post on the company's blog, "In this case, users submitted javascript code as plain text into a Tweet that could be executed in the browser of another user." Users exploited the hole by turning tweets different colors and causing pop-up boxes with text to appear; some even added code that caused other people to retweet the original Tweet without their knowledge.
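As an added illustration (not Twitter's code and not part of the original article), the following JavaScript shows the difference between inserting a tweet's text into a page as raw HTML and encoding it first, plus a scheme check for links inside tweets. The function names, the sample tweet and the link-handling rule are assumptions made for this example.

```javascript
// Added example, not Twitter's own code: how user-submitted tweet text can be
// placed into a page so that markup in it is displayed rather than executed.
// Function names and the sample text below are assumptions for this example.

// Encode the characters that have meaning in HTML text and attribute
// contexts. After encoding, a tweet can only ever be shown as text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The weak pattern: the tweet body is concatenated straight into HTML, so
// any tags or attributes it contains become part of the document.
function renderTweetUnsafe(tweet) {
  return `<p class="tweet">${tweet}</p>`;
}

// The corrected pattern: the same body, encoded before it reaches the DOM.
function renderTweetSafe(tweet) {
  return `<p class="tweet">${escapeHtml(tweet)}</p>`;
}

// Links inside tweets: accept only http(s) URLs, and encode the value before
// it is placed in the href attribute. Anything else is shown as plain text.
function renderLink(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return escapeHtml(url);
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return escapeHtml(url);
  }
  const safeHref = escapeHtml(parsed.href);
  return `<a href="${safeHref}">${safeHref}</a>`;
}

// True when the rendered fragment still contains tag delimiters inside the
// wrapper, i.e. when tweet-supplied markup survived into the page.
function leaksMarkup(html) {
  const inner = html.replace(/^<p class="tweet">/, '').replace(/<\/p>$/, '');
  return /[<>]/.test(inner);
}

// Constructed sample tweet (not from the article) containing HTML characters.
const SAMPLE_TWEET = 'Hello <b>world</b> & "friends"';

console.log(renderTweetUnsafe(SAMPLE_TWEET)); // markup survives into the page
console.log(renderTweetSafe(SAMPLE_TWEET));   // markup is displayed as text
console.log(leaksMarkup(renderTweetUnsafe(SAMPLE_TWEET)),
            leaksMarkup(renderTweetSafe(SAMPLE_TWEET)));
```

In a real browser the same effect is obtained by assigning the tweet body to an element's `textContent` rather than `innerHTML`; the string-building form is used here so the check runs outside a browser.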

Graham Cluley, an expert at the security firm Sophos, wrote in a blog post that thousands of Twitter accounts had posted messages exploiting the flaw. Cluley noted that those affected included Sarah Brown, wife of former British Prime Minister Gordon Brown, whose Twitter page had been defaced, which prompted the authorities to take immediate action.

Twitter said the flaw did not affect its mobile website or mobile applications; it affected only Twitter.com and did not affect users' computers or accounts. Twitter said in its blog post, "There is no need to change passwords because user account information was not compromised through this exploit".