Greasemonkey Insecurities

July 18, 2005

Embed:

Today's most interesting mailing list posting:

Uninstall Greasemonkey altogether. At this point, I don't trust having it on my computer at all. I would think that whoever is in charge of addons.mozilla.org should immediately remove the Greasemonkey XPI and post a large warning in its place advising people to uninstall it.

By the way, "Greasemonkey Hacks" is DEAD until we fix this. And I'm posting a big red blinking warning on every page of diveintogreasemonkey.org advising visitors to uninstall it, until all of these security holes are closed. This is why God invented the <blink> tag.

4:57 PM

3 TrackBacks

Debugging AJAX applications from AJAX on July 19, 2005 1:50 AM

Many people are wondering how to debug AJAX application. In fact, the idea of cross plateform development isn't that easy to debug, there is Javascript calls, and there is XML server response in the other side. And if you have two errors in the two sid

Read More

Greasemonkey, inseguro from DiarioIP on July 19, 2005 2:06 AM

Hasta nuevo aviso habría que desactivar el Greasemonkey (una fantástica extensión para Firefox) debido a un grave problema de seguridad. Lo mejor será activarlo cuando se necesite puntualmente.... Read More

Critical Security Vulnerability with GreaseMonkey (Firefox Extension) from Simple Thoughts - Java and Web Blog on January 17, 2007 10:28 AM

GreaseMonkey is a popular Firefox extension which allows lots of great enhancements to your browser using third party GreaseMonkey scripts. Yesterday a serious security vulnerability was found which exposes the hard drive content of GreaseMonkey users ... Read More

1 Comment

It is rather serious vulnerability which Mark found. I have blogged the details here.

Angsuman Chakraborty | July 19, 2005 9:55 AM | Reply

Leave a comment