Imperva is one of the research companies that previously reported a vulnerability in the Facebook Messenger application. In November last year, they discovered a bug where hackers could use any website to display who you messaged with. After the bug was reported, Facebook immediately fixed it.
Imperva has now discovered another bug, similar to the one found in November last year. According to them, hackers could exploit iframe elements to see which friends the user talks to. This could be done from the
Facebook immediately tried to fix the issue by randomizing the iframe element. Even though they fixed the issue, Imperva pointed out that hackers could still design an algorithm that exposes the user’s contacts. To fix this bug permanently, Facebook took the drastic decision of completely removing the iframes from the Messenger application.
“We appreciate the researcher’s submission to our bug bounty program. The issue in his report stems from the way web browsers handle content embedded in webpages and is not specific to Facebook.”
Facebook