In a statement, Facebook spokesman Andrew Noyes acknowledged that the site was the target of a coordinated spam attack and explained how it went down.
“During this spam attack, users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content,” he said. “Our engineers have been working diligently on this self-XSS vulnerability in the browser.”
via Facebook finds cause of porn, violent images in NewsFeeds – latimes.com.