Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK | Youssef Sammouda (sam0) personal blog

https://ysamm.com/uncategorized/2026/01/17/math-random-facebook-sdk.html