Serious Security Flaw in Greasemonkey
Filed in: Mozilla, Security — July 26th, 2005

A serious security flaw has been found in the popular Greasemonkey extension for Mozilla Firefox, potentially allowing websites to access any file on a user’s computer.
First released last year, Greasemonkey allows users to install small pieces of code (known as user scripts) that change the way various websites behave.
If a user running a vulnerable version of Greasemonkey visits a website that triggers at least one of their user scripts, that website can read any of the user’s files or list the contents of any of the user’s directories/folders.
The problem can be resolved by either installing Greasemonkey 0.3.5, which fixes the flaw but has reduced functionality, or uninstalling Greasemonkey altogether. A fully-functional version of Greasemonkey that fixes the security issues is being developed.
Thought:
I am not a Greasemonkey user; I seldom trust software that can change the look of existing websites.


