Slashdot Mirror


Firefox Greasemonkey Extension Security Problem

Mr2001 writes "A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XMLHttpRequest. Time to uninstall GM?"

6 of 443 comments

  1. Why Uninstall? by SenFo · Score: 5, Informative

    "Time to uninstall GM?"

    Why not just do what the article says and "Install Greasemonkey 0.3.5"?

    1. Re:Why Uninstall? by phasm42 · Score: 4, Informative
      Because:
      Greasemonkey 0.3.5 is a "neutered" version of Greasemonkey, lacking any of the GM* APIs which make Greasemonkey scripts more powerful than regular HTML. This means that scripts which depend on GM* APIs will fail with Greasemonkey 0.3.5.
      --
      "No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
  2. Re:But, but, but by Koiu Lpoi · Score: 4, Informative

    You're correct. It was discovered by a white hat.

  3. 1986 by Spazmania · Score: 4, Informative

    In 1986 I wrote a Commodore 64 terminal program that allowed BBSes to download and run bits of assembly code onto the user's machine in order to enhance the user's experience. It took about 48 hours before someone posted a message that executed a jump to address 64738 -- system reset.

    Bad idea then. Worse idea now, no matter how much supposed security you surround it with.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  4. Re:It's about time by ad0gg · Score: 4, Informative
    Umm, IIS6 has fewer exploits and no unpatched vulnerabilities compared to Apache 2.0.x, which still has unpatched vulnerabilities.

    IIS 6 Exploits
    Apache 2.0x.

    Please do some basic research before making comments on security.

    --

    Have you ever been to a Turkish prison?

  5. Re:It's about time by jerw134 · Score: 4, Informative

    Surprisingly enough, IIS5, still in wide use, has unpatched vulnerabilities.

    OK, stop with the pure FUD. Using the Secunia link you provided, it shows that IIS5 has one unpatched vulnerability, which is rated Not Critical, which is the lowest rating possible. Not only are the unpatched flaws in Apache more serious, there are also more of them! Please, stop with the BS.