Greasemonkey Insecurities

July 18, 2005

Today's most interesting mailing list posting:

Uninstall Greasemonkey altogether. At this point, I don't trust having it on my computer at all. I would think that whoever is in charge of addons.mozilla.org should immediately remove the Greasemonkey XPI and post a large warning in its place advising people to uninstall it.

By the way, "Greasemonkey Hacks" is DEAD until we fix this. And I'm posting a big red blinking warning on every page of diveintogreasemonkey.org advising visitors to uninstall it, until all of these security holes are closed. This is why God invented the <blink> tag.

Posted 4:57 PM with tags:

Embed:

1 comments by: Angsuman Chakraborty

Previously: The Other Wikipedia

Next: Find Me A Home

AJAX

Posted July 19, 2005 01:50

Debugging AJAX applications:

Many people are wondering how to debug AJAX application. In fact, the idea of cross plateform development isn't that easy to debug, there is Javascript calls, and there is XML server response in the other side. And if you have two errors in the two sid

read more »

DiarioIP

Posted July 19, 2005 02:06

Greasemonkey, inseguro: Hasta nuevo aviso habría que desactivar el Greasemonkey (una fantástica extensión para Firefox) debido a un grave problema de seguridad. Lo mejor será activarlo cuando se necesite puntualmente.... read more »

Simple Thoughts - Java and Web Blog

Posted January 17, 2007 10:28

Critical Security Vulnerability with GreaseMonkey (Firefox Extension): GreaseMonkey is a popular Firefox extension which allows lots of great enhancements to your browser using third party GreaseMonkey scripts. Yesterday a serious security vulnerability was found which exposes the hard drive content of GreaseMonkey users ... read more »

Angsuman Chakraborty

Posted July 19, 2005 09:55

It is rather serious vulnerability which Mark found. I have blogged the details here.

Post a comment