The technique can be used to exploit a vulnerability in some home Internet routers and, when combined with other information, pinpoint a user s physical location. The tactic utilizes a combination of cross-site scripting and some freely available tools and information on the Web. The attacker must first get the victim to visit a malicious Web site, which then exploits a flaw in the victim’s home router. In his example, Kamkar uses a flaw he discovered in a router used by Verizon FiOS customers. He later was sentenced to three years probation as part of a plea agreement.
Source: https://threatpost.com/new-attack-locates-web-users-xss-google-data-010510/73325/