Mail.ru: Cross application scripting via account.mail.ru
Crossapplication scripting via User-Agent on push login confirmation functionality in mobile application in the context of account.mail.ru domain allowed session hijacking with minimal user interaction...