Mail.ru: easyXDM allows cross domain postmessaging with any origin, leaking sensitive info

Mail.Ru Agent uses easyXDM library for crossdomain communication between different mail.ru messaging systems. For modern browsers postMessage is used inside. The security issue was because of lacking ACL for domains. So malicious man could in some circumstances he should know victim's email, forc...