By John Gruber
Mark Pilgrim:
In other words, running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site. Running a Greasemonkey script with “@include *” (which, BTW, is the default if no parameter is specified) can expose the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world.
His advice is to completely uninstall Greasemonkey.
(Via Anil Dash.)
★ Monday, 18 July 2005
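One way to inventory that exposure, as an added example (not code from the linked post or from Greasemonkey): it reads each script's metadata header, applies the default that a missing `@include` means `*`, and reports which scripts run on every site. The sample headers, function names and URLs are constructed for illustration.

```javascript
// Added example; the three userscript headers below are constructed samples.
const SAMPLES = [
  '// ==UserScript==\n// @name Mail tweaks\n// @include http://mail.example.com/*\n// ==/UserScript==\n',
  '// ==UserScript==\n// @name No include line\n// ==/UserScript==\n',
  '// ==UserScript==\n// @name Everywhere\n// @include *\n// @exclude https://bank.example.com/*\n// ==/UserScript==\n',
];

// Pull @name, @include and @exclude out of the ==UserScript== header comment.
function parseMetadata(source) {
  const meta = { name: '(unnamed)', include: [], exclude: [] };
  const block = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/.exec(source);
  if (!block) return meta;
  for (const line of block[1].split(/\r?\n/)) {
    const m = /^\s*\/\/\s*@(\S+)[ \t]*(.*?)\s*$/.exec(line);
    if (!m || !m[2]) continue;
    if (m[1] === 'include' || m[1] === 'exclude') meta[m[1]].push(m[2]);
    else if (m[1] === 'name') meta.name = m[2];
  }
  return meta;
}

// No @include at all behaves like "@include *", the default the quote warns about.
function effectiveIncludes(meta) {
  return meta.include.length ? meta.include : ['*'];
}

// Turn a glob such as http://mail.example.com/* into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp('^' + escaped + '$');
}

// Would this script be injected into the given URL?
function runsOn(meta, url) {
  const hit = (globs) => globs.some((g) => globToRegExp(g).test(url));
  return hit(effectiveIncludes(meta)) && !hit(meta.exclude);
}

// One row per script: its effective scope and whether that scope is every site.
function auditScripts(sources) {
  return sources.map((src) => {
    const meta = parseMetadata(src);
    const includes = effectiveIncludes(meta);
    // "*", "http://*", "*://*" and similar all mean "any host".
    const everySite = includes.some((g) => /^(\w*\*?:\/\/)?\*+$/.test(g));
    return { name: meta.name, includes, defaulted: meta.include.length === 0, everySite };
  });
}

console.table(auditScripts(SAMPLES));
```

A script flagged `defaulted` never asked for a global scope; it simply omitted the `@include` line.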