Thread: Serious exploit in Greasemonkey 0.4
View Single Post
Old 07-18-2005, 07:51 PM   #1
Alexander Turcic
Fully Converged
Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.
 
Alexander Turcic's Avatar
 
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
Serious exploit in Greasemonkey 0.4
If you are using the wonderful Greasemonkey extension for Firefox, better disable it ASAP and then check out this link:

In other words, running a Greasemonkey script on a site can expose the
contents of every file on your local hard drive to that site. Running
a Greasemonkey script with "@include *" (which, BTW, is the default if
no parameter is specified) can expose the contents of every file on
your local hard drive to every site you visit. And, because
GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly
send this information anywhere in the world.
Alexander Turcic is offline   Reply With Quote