A few months ago we studied a vulnerability in the Android same-origin policy (SOP). Recently, a malicious application has been using this vulnerability to attack Facebook users, with code based on the publicly disclosed Metasploit test code.
myhack58 background: the same-origin policy bypass vulnerability
A same-origin policy bypass occurs when site A (sitea.com, for example) can in some way access properties of site B (siteb.com, for example), such as cookies, location, or responses. Because of the special nature and potential impact of this problem, browsers manage it very strictly, and a same-origin policy (SOP) bypass is rarely found in browsers today.
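The check that such a bypass defeats, as an added example that is not part of the original article: a small model of the origin comparison a browser applies before letting one page read another's properties. It reuses the article's sitea.com and siteb.com; the function names are hypothetical and the URLs are constructed.

```javascript
// Added example: models the same-origin comparison on constructed URLs.
// An origin is the tuple (scheme, host, port); all three must match.

function originOf(urlString) {
  const u = new URL(urlString);
  // Schemes without a host (data:, file:) get an opaque origin,
  // which the URL API serializes as the string "null".
  return u.origin === "null" ? null : u.origin;
}

function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  // An opaque origin never matches anything, not even an identical URL.
  if (oa === null || ob === null) return false;
  // Serialized origins drop default ports, so :80 on http compares equal.
  return oa === ob;
}

// May script in documentUrl read cookies, location or response data
// of a frame loaded from frameUrl? (hypothetical helper)
function mayReadFrame(documentUrl, frameUrl) {
  if (isSameOrigin(documentUrl, frameUrl)) {
    return { allowed: true, reason: "same origin" };
  }
  return {
    allowed: false,
    reason: `cross-origin: ${originOf(documentUrl)} vs ${originOf(frameUrl)}`,
  };
}

// Constructed sample pairs: [embedding page, framed page]
const samples = [
  ["http://sitea.com/page", "http://sitea.com:80/other"],  // same origin
  ["http://sitea.com/page", "http://siteb.com/profile"],   // different host
  ["http://sitea.com/page", "https://sitea.com/page"],     // different scheme
  ["http://sitea.com/page", "http://www.sitea.com/page"],  // subdomain differs
  ["http://sitea.com/page", "http://sitea.com:8080/page"], // different port
  ["data:text/html,x", "data:text/html,x"],                // opaque origins
];

for (const [doc, frame] of samples) {
  const verdict = mayReadFrame(doc, frame);
  console.log(`${doc} -> ${frame}: ${verdict.allowed ? "ALLOW" : "DENY"} (${verdict.reason})`);
}
```

A page that frames another site should always land in the DENY branch for that frame; an SOP bypass is a browser bug that lets the read succeed anyway.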
The attack is carried out through a specific Facebook page that references a link to a malicious website.
The malicious page then tries to load a Facebook URL inside an inline frame: