A campaign of explicit spam on Facebook this week has been linked to a relatively obscure exploit method known as self-inflicted JavaScript injection. The attack required Facebook users to copy and paste JavaScript directly into their browser s address bar. That script allowed the attackers to modify the user s Facebook page, posting the offending images and then messaging the user’s Facebook friend network. The campaign caught the attention of the media this week after users began complaining about the offensive content on their Facebook walls.
Source: https://threatpost.com/facebook-user-error-behind-porn-mutilation-spam-111711/75907/