Attack allows personal information including full name, profile picture, and friends list to leak to an eagerly awaiting hacker. The uniqueness of this attack is that the unaware user’s data may be stolen when she is surfing a legitimate, trusted site, not a site controlled by the attacker. The attack only works if the user is logged on to Facebook during the attack. This, together with the vast amount of Facebook users, makes this attack a serious threat. I’ve notified the Facebook security team about this issue, and it should hopefully be resolved soon.”]
Source: http://blog.quaji.com/2009/07/facebook-personal-info-leak.html