Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Greasemonkey Extension Security Problem

Posted by CmdrTaco on from the uninstall-it-now-man dept.

Mr2001 writes "A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest. Time to uninstall GM?"

16 of 443 comments (clear)

  1. It's about time by rockytriton · · Score: 4, Funny

    It's about time people start writing some exploits for firefox!

    http://www.dreamsyssoft.com

  2. gauntlet by Anonymous Coward · · Score: 4, Funny
    Rogue pages???

    Quick, lets band together with a magician and a warrior and stomp those bow&arrow shootin mofos before they take over the internet!

    1. Re:gauntlet by adrianbaugh · · Score: 4, Funny

      You have been killed by a Firefox on Level 8 with 5439 Gold. RIP.

      --
      "'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
      - JRR Tolkien.
    2. Re:gauntlet by wuie · · Score: 5, Funny

      Yellow wizard needs patch badly.

    3. Re:gauntlet by TheScottishGuy · · Score: 5, Funny

      Blue browser is about to die.

  3. GreaseMonkey Problem by RagingChipmunk · · Score: 2, Funny

    Damn Microsoft! No doubt this can be traced to a Bill Gates directed consipracy against rebel browsers.

    --
    The only PT Boat Journal on the web: http://www.PT171.org
    1. Re:GreaseMonkey Problem by wheany · · Score: 4, Funny

      Okay, how's this: Since Microsoft Internet Explorer has a dominant market share, people make pages that work on IE. Some of the pages do not work on Firefox since they use some functionality found only in IE. Greasemonkey can be used to alter some of those pages so that they work on Firefox again.

      It's Microsoft's fault that people have to install insecure extensions to make web work like it should have worked in the first place.

  4. 1000 greasemonkies on a thousand keyboards... by ScentCone · · Score: 2, Funny

    are going to produce some vulnerabilities along with the gee-whiz plugins of the moment. That's pretty spectacular, though.

    --
    Don't disappoint your bird dog. Go to the range.
  5. Our Fault by Comatose51 · · Score: 4, Funny
    This is why God invented the tag.

    We can blame God for all kinds of things like hurricanes and Godzilla but it's a safe bet that we brought THAT scourge upon ourselves.

    --
    EvilCON - Made Famous by /.
    1. Re:Our Fault by PakProtector · · Score: 2, Funny
      This is why God invented the tag.
      We can blame God for all kinds of things like hurricanes and Godzilla but it's a safe bet that we brought THAT scourge upon ourselves.

      Hey, now! We all know perfectly well that Godzilla was a result of the United States dumping radioactives into ocean waters, part of their plan to keep on supressing Japan after the war. After all, if Tokyo hadn't been leveled by Godzilla every 6 months, Japan would have taken its rightful place as ruler of the world!

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

  6. Re:More Ammo by FidelCatsro · · Score: 5, Funny

    They can say "Come back to windows , no need for third party extensions for these types of flaws .They are built into MSIE/windows , It just works"

    --
    The only things certain in war are Propaganda and Death. You can never be sure which is which though
  7. Re:Is that really a problem? by grasshoppa · · Score: 3, Funny

    Personally, someone could read my entire hard drive and it wouldn't bother me much. I don't keep sensitive information on my computer, because any computer connected to the internet should be considered insecure.

    Nice try Bill, we know it's you.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  8. But, but, but by TheAncientHacker · · Score: 1, Funny

    It's open source so millions of eyes have studied it to make sure it's secure...

  9. Rock paper cissors by Arthur+B. · · Score: 3, Funny

    Firefox burns greasemonkey cuz it's made of fat But Seamonkey beats firefox because it extinguishes the fire. Then Greasemonkey beats seamonkey because it can float in water AND walk on land. my 2.56 cents

    --
    \u262D = \u5350
  10. Re:Is that really a problem? by ArsenneLupin · · Score: 2, Funny
    because any computer connected to the internet should be considered insecure.

    You know, there are also other OSes than windows...

  11. unsecure by zerocommazero · · Score: 2, Funny
    When are you people going to take the hint?! You've got to stop using unsecure browsers like Firefox with all its vulnerabilities. They call it Open Source for a reason!!!

    Internet Explorer is way more secure and reliable. I went to a porno site yesterday and a pop-up asked me if I'd like to learn how to increase my penis size! How'd they know?!!! They must be reading my mind!

    The next day, IE automatically took me to that site when I opened it up! In fact this page showed me a list of other sites I might like to visit like explicit hentai, rape videos, and scat! It was as if me and my browser mind-melded!

    I like that when I was asked to pay for the penis-enhancing pills that I was redirected to site 135.34.65.256 instead of having enlargeyourlittlemember.com in my history list (wanna surprise the wife..)

    It's been three months and I haven't got my pills yet. I think the postman is swiping them. (always wondered how he could steer his mail jeep and hand out mail at the same time.)

    Where was I? Oh yeah, Firefox is a more secure browser, just don't use monkey grease.