Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
GitHub

Web application synchronization between different tabs

sysend.js is a small library that allows to send messages between pages that are open in the same browser. It also supports Cross-Domain communication (Cross-Origin). The library doesn't have any ...
GitHub

browser_snapshot returns lone Unicode surrogates causing "no low surrogate in string" JSON errors

browser_snapshot (and potentially other tools returning page content) can return text containing lone Unicode surrogates from DOM textContent. These are valid in JavaScript strings but invalid in JSON ...