Greasemonkey Security Hole

Mark Pilgrim:

In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site. Running a Greasemonkey script with “@include *” (which, BTW, is the default if no parameter is specified) can expose the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world.

His advice is to completely uninstall Greasemonkey.

(Via Anil Dash.)
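To see what the quoted scope rule means for a set of installed scripts, here is an added example (not from the original post or from the Greasemonkey project) that reads each script's `// ==UserScript==` metadata header and reports which sites it runs on, treating a missing `@include` as `*` as the quote describes. The function names, the wildcard heuristic and the sample scripts are constructed for illustration.

```javascript
// Added example: audit user scripts for the sites they run on.
// Function names and sample scripts are constructed for illustration.

// Collect @include patterns from the "// ==UserScript==" metadata header.
function parseIncludes(source) {
  const block = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/.exec(source);
  const includes = [];
  if (block) {
    for (const line of block[1].split(/\r?\n/)) {
      const m = /^\s*\/\/\s*@include\s+(\S+)/.exec(line);
      if (m) includes.push(m[1]);
    }
  }
  // Per the quoted text, no @include behaves like "@include *".
  return includes.length ? includes : ["*"];
}

// Heuristic (an assumption of this example): patterns such as "*",
// "http://*" or "http://*/*" match every site.
const MATCHES_ALL = /^(\*|(\*|https?):\/\/\*(\/\*)?)$/;

function exposure(source) {
  const includes = parseIncludes(source);
  const everywhere = includes.some((p) => MATCHES_ALL.test(p));
  return { scope: everywhere ? "every-site" : "listed-sites", includes };
}

function audit(scripts) {
  return Object.entries(scripts).map(([name, src]) => ({ name, ...exposure(src) }));
}

// Constructed sample scripts.
const header = (lines) =>
  ["// ==UserScript==", ...lines, "// ==/UserScript==", "void 0;"].join("\n");
const SAMPLE_SCRIPTS = {
  "no-include.user.js": header(["// @name Sample A"]),
  "one-site.user.js": header(["// @name Sample B", "// @include http://example.com/*"]),
  "wildcard.user.js": header(["// @name Sample C", "// @include http://*"]),
};

for (const r of audit(SAMPLE_SCRIPTS)) {
  console.log(`${r.name}: ${r.scope} (${r.includes.join(", ")})`);
}
```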

Monday, 18 July 2005