Serious security flaw in OAuth and OpenID discovered

serious vulnerability "Covert Redirect" flaw can masquerade as a login popup based on an affected site's domain. Covert Redirect is based on a well-known exploit parameter.