By John Gruber
Mark Pilgrim:
In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site. Running a Greasemonkey script with “@include *” (which, BTW, is the default if no parameter is specified) can expose the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world.
His advice is to completely uninstall Greasemonkey.
(Via Anil Dash.)
★ Monday, 18 July 2005
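A way to find which installed scripts have the broad scope the quote describes. This is an added example, not code from Mark Pilgrim, the Greasemonkey project or this post; the function names and sample scripts are constructed, and it treats a script with no @include as running on every site, as the quote states.

```javascript
// Read the @include patterns out of a script's ==UserScript== metadata block.
function parseIncludes(source) {
  const block = source.match(/\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/);
  if (!block) return []; // no metadata block, so no @include at all
  const includes = [];
  for (const line of block[1].split(/\r?\n/)) {
    const m = line.match(/^\s*\/\/\s*@include\s+(\S+)/);
    if (m) includes.push(m[1]);
  }
  return includes;
}

// True for patterns that cover every site: "*", "http://*", "*://*/*", ...
function matchesEverySite(pattern) {
  return /^(\*|(\*|https?):\/\/\*(\/\*?)?)$/.test(pattern);
}

// Classify one script by scope and by whether it mentions GM_xmlhttpRequest.
// The text match is deliberately coarse: it also hits comments and strings.
function auditUserscript(name, source) {
  const includes = parseIncludes(source);
  let scope = "limited";
  if (includes.length === 0) scope = "all-sites-default";
  else if (includes.some(matchesEverySite)) scope = "all-sites-wildcard";
  return { name, includes, scope, usesXhr: /\bGM_xmlhttpRequest\b/.test(source) };
}

// Constructed sample scripts (not real published userscripts).
const SAMPLES = [
  { name: "no-include.user.js",
    source: "// ==UserScript==\n// @name Demo A\n// ==/UserScript==\n" +
            "GM_xmlhttpRequest({method: 'GET', url: 'http://example.com/'});\n" },
  { name: "scoped.user.js",
    source: "// ==UserScript==\n// @name Demo B\n" +
            "// @include http://example.com/*\n// ==/UserScript==\n" +
            "document.title = 'demo';\n" },
  { name: "wildcard.user.js",
    source: "// ==UserScript==\n// @name Demo C\n// @include *\n" +
            "// ==/UserScript==\nGM_xmlhttpRequest({method: 'POST', url: 'http://example.com/'});\n" },
];

// Report, riskiest first: every-site scope combined with GM_xmlhttpRequest.
function auditAll(scripts) {
  const rank = (r) => (r.scope !== "limited" ? 2 : 0) + (r.usesXhr ? 1 : 0);
  return scripts.map((s) => auditUserscript(s.name, s.source))
                .sort((a, b) => rank(b) - rank(a));
}

for (const r of auditAll(SAMPLES)) {
  console.log(`${r.name}: scope=${r.scope} GM_xmlhttpRequest=${r.usesXhr}`);
}
```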