MobileRead Forums
Register Guidelines E-Books Today's Posts Search

Go Back   MobileRead Forums > Miscellaneous > Lounge
Reload this Page Serious exploit in Greasemonkey 0.4

Notices

Reply
 
Thread Tools Search this Thread
Old 07-18-2005, 08:51 PM   #1
Alexander Turcic
Fully Converged
Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.
 
Alexander Turcic's Avatar
 
Posts: 18,171
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
Serious exploit in Greasemonkey 0.4
If you are using the wonderful Greasemonkey extension for Firefox, better disable it ASAP and then check out this link:

In other words, running a Greasemonkey script on a site can expose the
contents of every file on your local hard drive to that site. Running
a Greasemonkey script with "@include *" (which, BTW, is the default if
no parameter is specified) can expose the contents of every file on
your local hard drive to every site you visit. And, because
GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly
send this information anywhere in the world.
Alexander Turcic is offline   Reply With Quote
Old 07-19-2005, 02:46 AM   #2
Chaos
Evangelist
Chaos has a complete set of Star Wars action figures.Chaos has a complete set of Star Wars action figures.Chaos has a complete set of Star Wars action figures.
 
Posts: 418
Karma: 281
Join Date: Jul 2004
Location: Canada
Device: Assorted older devices
0.4? The greasemonkey website you linked to lists the most recent version at 0.3.3. Did they pull 0.4 when this vulnerability was found?
Chaos is offline   Reply With Quote
Advert
Old 07-19-2005, 05:59 AM   #3
Alexander Turcic
Fully Converged
Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.
 
Alexander Turcic's Avatar
 
Posts: 18,171
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
0.4 is out as beta.

http://cyclingroo.blogspot.com/2005/...y-04-beta.html
Alexander Turcic is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Adobe Reader 9 new exploit in the wild doctorow News 2 02-20-2009 04:38 PM
iLiad Huge exploit found in 2.7 arivero iRex Developer's Corner 86 11-26-2006 05:49 PM
Adobe Acrobat subject to remote exploit Alexander Turcic News 3 09-16-2006 06:29 AM


All times are GMT -4. The time now is 12:00 AM.

Contact Us - FAQ - Guidelines - Privacy - Top

MobileRead.com is a privately owned, operated and funded community.