Facebook OAuth is used to communicate between Applications & Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to 'allow or accept' the application request so that app can access your account information with required permissions.
As a normal Facebook user we always think that it is better than entering your Facebook credentials, we can just allow specific permissions to an app in order to make it work with your account.
Today whitehat Hacker 'Nir Goldshlager' reported 'The Hacker News' that he discovered a very critical vulnerability in Facebook's OAuth system, that allowed him to get full control over any Facebook account easily even without 'allow or accept' options.
read more.....http://thehackernews.com/2013/02/facebook-oauth-flaw-allows-gaining-full.html#_