Greasemonkey Flaw Prompts Critical Uninstall Warning.

[IGBT]

Text

The flaw is so serious that developers are warning users to completely uninstall Greasemonkey versions prior to 0.3.5.

Mark Pilgrim, an XML coder who helped to evangelize the extension with the free "Dive into Greasemonkey" e-book, has published working exploits to highlight the severity of the flaw.



"An attacker doesn't even need to know the exact filename," he said, noting that a certain exploit would return a parseable directory listing.

"In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site," Pilgrim said.

 

[bersl2]

You're missing the word "extension" in the topic sub-title. That kinda changes the meaning.

 

[n0cmonkey]

Topic Title: Greasemonkey Flaw Prompts Critical Uninstall Warning.
Topic Summary: security hole in a popular Firefox browser..
Created On: 07/20/2005 01:25 PM

This isn't a Firefox browser issue.

 

[rmrf]

Originally posted by: n0cmonkey

Topic Title: Greasemonkey Flaw Prompts Critical Uninstall Warning.
Topic Summary: security hole in a popular Firefox browser..
Created On: 07/20/2005 01:25 PM

This isn't a Firefox browser issue.

agreed, change the title before the IE bewbs start flaming. God knows there have been enough flamewars about browser security.

 

[PatboyX]

Originally posted by: rmrf

Originally posted by: n0cmonkey

Topic Title: Greasemonkey Flaw Prompts Critical Uninstall Warning.
Topic Summary: security hole in a popular Firefox browser..
Created On: 07/20/2005 01:25 PM

This isn't a Firefox browser issue.

agreed, change the title before the IE bewbs start flaming. God knows there have been enough flamewars about browser security.

yes, please.
i had this installed, though, and was sad to see the flaw.
glad they warned us...but i liked a lot of the little things i had in there.
linkify and smart quotes i miss quite a bit.