Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Greasemonkey Extension Security Problem

Posted by CmdrTaco on from the uninstall-it-now-man dept.

Mr2001 writes "A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest. Time to uninstall GM?"

1 of 443 comments (clear)

  1. Re:More details on the exploit... by idonthack · · Score: 1, Troll

    And then they'll get hold of the contents of your home directory!
    blah markov_chain other users spiff
    And then your directory!
    .bash_login .bash_logout .gaim .gnucash .kde .kde2 .mozilla bin doc
    What next? Your buddy list from Gaim? Your bank account from GnuCash? Your address book from Thunderbird? What other security holes you have in Firefox, from extensions? Something you wanted to keep secret in your documents?

    Linux is not always safe.
    ---
    A guy walks up to his friend and sees him hitting himself on the head with a hammer. "Why are you doing that!?", he asks. "Because it feels so good when I stop.", was the reply.
    Generated by SlashdotRndSig via GreaseMonkey

    --
    Why is it that when you believe something it's an opinion, but when I believe something it's a manifesto?