You should know about the P0rn attack that spread through your Facebook newsfeed. P0rnographic images and videos were spreading through newsfeed. It appeared as your friend posted it, but the interesting part is that, your friend didn’t even know what happened when you ask him.
There is no details on who was behind this attack. Anyway many people think the hacking activists group Anonymous did it. Now Facebook identifies that this spam attack was the result of a browser vulnerability. It was not done by Anonymous. The people behind this attack worked out a self XSS attack through a browser vulnerability. XSS is otherwise known as Cross Site Scripting. This is a security hazard that enabled hackers and crackers to interfere with browser logic by inserting their own logic and thus creating a vulnerability.
A java script code will be executed in your browser, that is capable of taking full control of the website you’re accessing. In this case, this turned out to be Facebook. The traditional copy-paste-js trick worked here too. When the user pastes the JS code into his browser’s address bar, the java script is injected and this JavaScript will start controlling your Facebook account with all the privileges. And the worst thing is that, people will mistake that it is you who is posting these porn content over their newsfeeds.
Most probably, the scammers hid the “like” button behind an image, such as a YouTube Video Image with a playing button. Users clicked this ‘disguised’ danger to light the fire to a sequence of unhealthy posts over their friend’s walls.
Facebook team is working hard to fix this vulnerability the soonest, and till then Facebook users should take care, not to click any untrusted links, or images, or videos, even if it is posted by your best friend. Because if you do, you are risking your account and moreover social image.