Services like Skyhook and Google Maps provide geolocation services. This data is collected from cell phone towers and the MAC addresses of broadcasting wireless networks. Your phone or other device then looks up nearby wireless networks, towers, and uses the data to triangulate your location. Pretty awesome, huh?
Well, turns out that one of Verizon’s FiOS routers (UltraLine Series3) has an XSS vulnerability that allows a website with the correct code to capture your WLAN’s MAC address – information that is usually only visible if you are within range of the wireless network. And thus, know (usually within 10-15 meters, depending on the accuracy of the database) your location.
The proof of concept is here.