I love Firefox and its extensions, and I’m pretty interested in the Ajax developments. Recently a Firefox + Greasemonkey extension vulnerabilty surfaced. This vulnerability could allow an evil server to read the contents of your harddisk, if you have Firefox with the Greasemonkey extension installed, using XMLHttpRequest to send the data in the background to the server. The community was quick in deploying workarounds. One of them was Flickr, who implemented a notification script on its pages warning Greasemonkey users of the vulnerability. If you too are a Greasemonkey user, you might get a warning on this site as I took over the script from Flickr.
Read more on the Greaseblog, or here for more details on the vulnerability.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.