Monday, July 18, 2005

Greasemonkey has a security hole you could fly a plane through

Greasemonkey, with certain script settings, “can expose the contents of every file on your local hard drive to every site you visit. [...] An attacker can quietly send this information anywhere in the world.” Advice: uninstall, or downgrade to a neutered version. Mark Pilgrim, referring to a related, less-serious exploit: “I’ve accumulated a fair amount of karma in this fledgling community, and I’m going to burn some of it now by suggesting that this is a BIG FUCKING DEAL.” (via links) [Update: fixed in GM 0.5.]