Not even a month ago I posted about Facebook OAuth flaw that was allowing to an attacker to gain access to any account. Facebook have fixed that specific flaw with minor changes but those changes are not enough and hackers can gain control to any account. This new vulnerability was found by the same white hat hacker that found also the previous one. Don’t worry just yet about this one because it is already fixed but Facebook is not very serious about security. To fix the previous bug they just put a basic regular expression validation that could be easily bypassed. I am sure they just modified their regular expression for the new flaw.
Another Facebook OAuth vulnerability