Skype and Dropbox fixed holes in their websites this week that could have allowed an attacker to gain control of users' Facebook accounts. In what's technically referred to as an open redirect vulnerability, both applications failed to validate sites before sending users and their access tokens to them. Security researcher Nir Goldshlager discovered the vulnerability and responsibly disclosed it to both Dropbox and Skype, who went on to publish a fix for the flaw. A Facebook access token could give an attacker access to anything the user had already authorized the app to do.
Source: https://threatpost.com/skype-dropbox-patch-critical-facebook-authentication-bugs-040413/77699/
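
The missing check described above, validating a destination before redirecting a user and their access token to it, can be written as a strict allowlist test. This is an added example, not code from Skype, Dropbox or Facebook; the hostnames, `ALLOWED_HOSTS` and `FALLBACK` are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: only hosts the application itself controls.
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}
# Hypothetical safe landing page used when validation fails.
FALLBACK = "https://app.example.com/"


def is_safe_redirect(target: str) -> bool:
    """Return True only for absolute https URLs on an allowlisted host."""
    # Browsers treat backslashes like slashes and drop control characters
    # and whitespace; reject them rather than guess at client normalization.
    if not target or "\\" in target:
        return False
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Rules out relative, protocol-relative ("//host") and javascript: URLs.
    if parts.scheme != "https":
        return False
    # Userinfo makes "https://app.example.com@other.test/" look trusted.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match only: no suffix or substring comparison.
    return (parts.hostname or "") in ALLOWED_HOSTS


def redirect_target(requested: str) -> str:
    """Destination to use: the requested URL if it validates, else FALLBACK."""
    return requested if is_safe_redirect(requested) else FALLBACK
```
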

