Slashdot Mirror


Firefox Greasemonkey Extension Security Problem

Mr2001 writes "A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest. Time to uninstall GM?"

10 of 443 comments (clear)

  1. It's about time by rockytriton · · Score: 4, Funny

    It's about time people start writing some exploits for firefox!

    http://www.dreamsyssoft.com

  2. gauntlet by Anonymous Coward · · Score: 4, Funny
    Rogue pages???

    Quick, lets band together with a magician and a warrior and stomp those bow&arrow shootin mofos before they take over the internet!

    1. Re:gauntlet by adrianbaugh · · Score: 4, Funny

      You have been killed by a Firefox on Level 8 with 5439 Gold. RIP.

      --
      "'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
      - JRR Tolkien.
    2. Re:gauntlet by wuie · · Score: 5, Funny

      Yellow wizard needs patch badly.

    3. Re:gauntlet by TheScottishGuy · · Score: 5, Funny

      Blue browser is about to die.

  3. Our Fault by Comatose51 · · Score: 4, Funny
    This is why God invented the tag.

    We can blame God for all kinds of things like hurricanes and Godzilla but it's a safe bet that we brought THAT scourge upon ourselves.

    --
    EvilCON - Made Famous by /.
  4. Re:More Ammo by FidelCatsro · · Score: 5, Funny

    They can say "Come back to windows , no need for third party extensions for these types of flaws .They are built into MSIE/windows , It just works"

    --
    The only things certain in war are Propaganda and Death. You can never be sure which is which though
  5. Re:Is that really a problem? by grasshoppa · · Score: 3, Funny

    Personally, someone could read my entire hard drive and it wouldn't bother me much. I don't keep sensitive information on my computer, because any computer connected to the internet should be considered insecure.

    Nice try Bill, we know it's you.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  6. Rock paper cissors by Arthur+B. · · Score: 3, Funny

    Firefox burns greasemonkey cuz it's made of fat But Seamonkey beats firefox because it extinguishes the fire. Then Greasemonkey beats seamonkey because it can float in water AND walk on land. my 2.56 cents

    --
    \u262D = \u5350
  7. Re:GreaseMonkey Problem by wheany · · Score: 4, Funny

    Okay, how's this: Since Microsoft Internet Explorer has a dominant market share, people make pages that work on IE. Some of the pages do not work on Firefox since they use some functionality found only in IE. Greasemonkey can be used to alter some of those pages so that they work on Firefox again.

    It's Microsoft's fault that people have to install insecure extensions to make web work like it should have worked in the first place.