Scammers have used a new way of tricking Facebook users into injecting or placing malicious JavaScript or client-side code into their web browsers. This technique is known as Self Cross-site Scripting or Self XSS. Once an attacker or scammer gets access to users’ Facebook account, they can even post and comment on things on users’ behalf. The trick is suitable for both Google Chrome and Mozilla Firefox users. Facebook has also listed the scam on the list of threats its users have been observed to fall victim to.
Source: https://thehackernews.com/2014/07/facebook-self-xss-scam-fools-users-into_28.html