Facebook has patched a serious vulnerability that could have allowed attackers to easily gain access to private user account data and control accounts by tricking users into opening specifically crafted links, a Web application security researcher said late Thursday. Nir Goldshlager, the researcher who claims to have found the flaw and reported it to Facebook, posted a detailed description and video demonstration of how the attack worked on his blog.