[Security] Uninstall Greasemonkey!

#1
If you're using the Greasemonkey extension for Firefox, you should remove it until an updated version has been released. Bear in mind that this flaw affects all Firefox users who use the Greasemonkey extension, regardless of what OS they're using.

A serious… no, make that critical flaw has been discovered in Greasemonkey that allows an attacker unfettered access to your system. From the Mozilla discussion thread:

“But wait, it gets worse. An attacker doesn’t even need to know the exact filename, since “GET”ting a URL like “file:///c:/” will return a parseable directory listing. (And Mac users don’t get to gloat either; you’re just as vulnerable, starting with a different root URL.) In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site.

Running a Greasemonkey script with ”@include *” (which, BTW, is the default if no parameter is specified) can expose the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world.”
Hat tip to Marc Orchant
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,970
Messages
673,297
Members
89,018
Latest member
qotipory