Facebook has blamed a browser vulnerability and naive user behaviour for an explicit spam campaign that hit the service earlier this week. The company said it had now tracked down the root cause as being a “self-XSS” flaw in which users were socially engineered into cutting and pasting malicious JavaScript into the URL bar. Facebook hasn’t mentioned which browsers it thinks are vulnerable – it could in theory be any running Java – nor why user behaviour would constitute a browser flaw in the first place. It hasn’t said what defensive measures it would recommend to users affected by the issue.
Source: https://www.csoonline.com/article/2130263/facebook-blames-porn-attack-on–browser-vulnerability-.html

