Firefox Greasemonkey Extension Security Problem

Mr2001 writes "A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest. Time to uninstall GM?"

It's about time

[rockytriton]

It's about time people start writing some exploits for firefox!

http://www.dreamsyssoft.com [dreamsyssoft.com]

gauntlet

[Anonymous Coward]

Rogue pages???

Quick, lets band together with a magician and a warrior and stomp those bow&arrow shootin mofos before they take over the internet!

GreaseMonkey Problem

[RagingChipmunk]

Damn Microsoft! No doubt this can be traced to a Bill Gates directed consipracy against rebel browsers.

1000 greasemonkies on a thousand keyboards...

[ScentCone]

are going to produce some vulnerabilities along with the gee-whiz plugins of the moment. That's pretty spectacular, though.

Our Fault

[Comatose51]

This is why God invented the tag.

We can blame God for all kinds of things like hurricanes and Godzilla but it's a safe bet that we brought THAT scourge upon ourselves.

Re:More Ammo

[FidelCatsro]

They can say "Come back to windows , no need for third party extensions for these types of flaws .They are built into MSIE/windows , It just works"

Re:Is that really a problem?

[grasshoppa]

Personally, someone could read my entire hard drive and it wouldn't bother me much. I don't keep sensitive information on my computer, because any computer connected to the internet should be considered insecure.

Nice try Bill, we know it's you.

Re:gauntlet

[adrianbaugh]

You have been killed by a Firefox on Level 8 with 5439 Gold. RIP.

But, but, but

[TheAncientHacker]

It's open source so millions of eyes have studied it to make sure it's secure...

Rock paper cissors

[Arthur B.]

Firefox burns greasemonkey cuz it's made of fat But Seamonkey beats firefox because it extinguishes the fire. Then Greasemonkey beats seamonkey because it can float in water AND walk on land. my 2.56 cents

Re:gauntlet

[wuie]

Yellow wizard needs patch badly.

Re:gauntlet

[TheScottishGuy]

Blue browser is about to die.

Re:GreaseMonkey Problem

[wheany]

Okay, how's this: Since Microsoft Internet Explorer has a dominant market share, people make pages that work on IE. Some of the pages do not work on Firefox since they use some functionality found only in IE. Greasemonkey can be used to alter some of those pages so that they work on Firefox again.

It's Microsoft's fault that people have to install insecure extensions to make web work like it should have worked in the first place.

Re:Is that really a problem?

[ArsenneLupin]

because any computer connected to the internet should be considered insecure.

You know, there are also other OSes than windows...

Re:Our Fault

[PakProtector]

This is why God invented the tag.

We can blame God for all kinds of things like hurricanes and Godzilla but it's a safe bet that we brought THAT scourge upon ourselves.

Hey, now! We all know perfectly well that Godzilla was a result of the United States dumping radioactives into ocean waters, part of their plan to keep on supressing Japan after the war. After all, if Tokyo hadn't been leveled by Godzilla every 6 months, Japan would have taken its rightful place as ruler of the world!

unsecure

[zerocommazero]

When are you people going to take the hint?! You've got to stop using unsecure browsers like Firefox with all its vulnerabilities. They call it Open Source for a reason!!!

Internet Explorer is way more secure and reliable. I went to a porno site yesterday and a pop-up asked me if I'd like to learn how to increase my penis size! How'd they know?!!! They must be reading my mind!

The next day, IE automatically took me to that site when I opened it up! In fact this page showed me a list of other sites I might like to visit like explicit hentai, rape videos, and scat! It was as if me and my browser mind-melded!

I like that when I was asked to pay for the penis-enhancing pills that I was redirected to site 135.34.65.256 instead of having enlargeyourlittlemember.com in my history list (wanna surprise the wife..)

It's been three months and I haven't got my pills yet. I think the postman is swiping them. (always wondered how he could steer his mail jeep and hand out mail at the same time.)

Where was I? Oh yeah, Firefox is a more secure browser, just don't use monkey grease.