Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Greasemonkey Firefox exploit

Greasemonkey Firefox exploit

by Nikola Strahija on July 21st, 2005 A serious security flaw has been discovered in Greasemonkey, a widely used extension to the Mozilla Firefox browser. The glitch allows malicious attacker to view all the files on hard disk of the victim.


The bug is the third annoyance affecting Firefox users in only a few days, following a successful attack on the Spread Firefox marketing site, and a Firefox update that broke many third-party extensions.

Greasemonkey is an extension to Firefox that allows users customise the sites they view using powerful scripting tools. The problem is that certain of Greasemonkey's functions are exposed in an insecure way, allowing them to be exploited by a malicious site.

-Running a Greasemonkey script on a site can expose the contents of every file on your local hard drive to that site, wrote Mark Pilgrim, who discovered the flaw, in an email to the Greasemonkey mailing list this week.

Greasemonkey's developer advised users to upgrade to the most recent version, 0.3.5, which fixes the problem by disabling the tool's more advanced features. The bug affects all previous versions, researchers said.
Firefox doesn't have an equivalent of ActiveX, the component of Microsoft Internet Explorer that allows Web sites to run powerful scripts on a user's system, which is often used in attacks and in spyware. Firefox extensions can be as powerful as the developer likes, but cannot automatically install themselves as can ActiveX controls.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »