Facebook has warned its users to never cut and paste unknown code into a browser's address bar, following the mass spam attack of graphic sex and violent images on Tuesday.

Facebook said Wednesday that its users need to remain vigilant to keep their accounts from being attacked. It warned its 800 million users to always use an up-to-date browser, as well as to flag and report any suspicious content.

Facebook said yesterday that it had stopped most of the offensive spam.

Users were tricked into pasting and executing malicious JavaScript in their browser URL bar, causing them to unknowingly share this offensive content, according to a statement from a Facebook spokesperson.

Facebook said its engineers were working to fix the self-XSS vulnerability in the browser and had built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempted to exploit it.

"Our team responded quickly and we have eliminated most of the spam caused by this attack," Facebook said in a statement. "We are now working to improve our systems to better defend against similar attacks in the future."

Facebook is the world's largest social network with 800 million users. The company said no user data or accounts were compromised during the attack.