This module exploits a vulnerability found in Mozilla Firefox 3.6 when
an array object is configured with a large length value , the
reduceRigh() method may cause an invalid index being used , allowing
arbitary remote code execution . Please note that the exploit requires a
longer amount of time ( compare to a typical browser exploit) in order
to gain control of the machine More : http://www.exploit-db.com/exploits/17612/
When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment.