Slashdot Mirror


Firefox Greasemonkey Extension Security Problem

Mr2001 writes "A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest. Time to uninstall GM?"

1 of 443 comments (clear)

  1. Re:Um, you don't actually use Firefox do you? by tomhudson · · Score: 1, Flamebait
    Re:Um, you don't actually use Firefox do you?

    You mean like in Firefox, where when updates are available all the auto-update feature does is display a little "updates available" icon in a browser window, then offer to install the updates when you click the
    You make 2 assumptions, both wrong:
    1. You assume I don't use firefox - I do
    2. You assume I use Windows - I don't - the update mechanism is different under linux

    Calling it an update, when in actual fact its not, is not the way to engender trust among users. Its also illegal to cripple functioning software on a persons computer w/o their informed consent, as I've pointed out elsewhere.

    This was decided by the courts almost 20 years ago, when L'Oreal and their IT supplier got into a dispute, and the IT supplier unilaterally disabled L'Oreal's software. The IT supplier lost, damages in the millions were awarded.