https://www.acunetix.com/websitesecurity/cross-site-scripting/

That's a fault with web sites not with a web browser. Off topic for this forum.

added information related to Firefox: NoScript is effective at blocking XSS. https://addons.mozilla.org/en-US/firefox/addon/noscript/

I don't understand your screenshot. Is there a problem with your own app on Facebook? There must be a better forum for FB developers.

Hi miaspunk, thank you for your message. It sounds as though something is modifying links in FB after you log into it, leading to an unexpected (unofficial/fake) site.

If you are starting from a FB-controlled page (i.e., it is only FB content, there are not third party apps in the page), it's hard to see how it could be an XSS attack.

Is this problem limited to when you use the site in Firefox? For example, does Microsoft's Edge browser work better? If it affects all your browsers, have you done some malware scans? This article suggests free cleaning tools to supplement your regular security software: Troubleshoot Firefox issues caused by malware.

If the problem is limited to Firefox, one possible culprit would be an extension. You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:

• Ctrl+Shift+a (Mac: Command+Shift+a)
• "3-bar" menu button (or Tools menu) > Add-ons
• type or paste about:addons in the address bar and press Enter/Return

In the left column of the Add-ons page, click Extensions. Then cast a critical eye over the list on the right side. Any extensions that Firefox installs on its own are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious? If in doubt, disable.

Often a link will appear above at least one disabled extension to restart Firefox before the change takes effect. You can complete your work on the tab and click one of the links as the last step.

Any improvement?