eBay recently fixed a reflected file download vulnerability that could have been used to trick users into believing they were downloading a file from a legitimate eBay domain. In some browsers, including Internet Explorer 8 and 9, the attack is possible simply by having the user load the malicious URL. On other browsers the attacker would have to force the user to download the file. The company eventually rolled out a fix for the bug earlier this week. Similar vulnerabilities have been discovered in services from Facebook and Instagram in recent months. A researcher at WebSegura in Portugal said that attacks against these vulnerabilities are relatively simple to carry out.
Source: https://threatpost.com/ebay-fixes-reflected-file-download-flaw/112983/

