Nir Goldshlager exposed two serious Facebook OAuth flaws. The first allows hacking a Facebook account even without the user installing an application on their account; the second covers various ways of bypassing the regex protection in Facebook OAuth. According to the hacker, if the victim has an installed application like Skype or Dropbox, the hacker is still able to take control of their account. The attacker requires only a URL redirection or cross-site scripting vulnerability on the domain of the Facebook app's owner; in this scenario, that is the Skype Facebook app.
Source: https://thehackernews.com/2013/04/url-redirection-flaw-in-facebook-apps.html