Firefox add-on Greasemonkey slips up | Tech News on ZDNet

On TechRepublic: 12 tech terms that make you sound old

BNET Business Network:: BNET; TechRepublic; ZDNet

By Dawn Kawamoto
Posted on ZDNet News: Jul 20, 2005 7:05:00 PM

The Mozilla Foundation is making available an update for a critical security flaw in Greasemonkey, an extension to the Firefox browser.

Greasemonkey is a popular add-on used to customize the design and behavior of Web pages. The flaw could let attackers read any file on a user's local hard drive and list the contents of local directories. The update, Greasemonkey 0.3.5, was released Monday, according to the download page on the Mozilla Foundation's Web site. The Mozilla Foundation coordinates Firefox development and marketing.

The flaw affects versions of Greasemonkey prior to 0.3.5, including early 0.4 alphas, according to a posting on Mozdev.org, a site where developers post applications and add-ons.

People who switch to version 0.3.5, however, will find it lacks the so-called GM* APIs, which are designed to make Greasemonkey more powerful than HTML, according to Greaseblog, a blog devoted to the extension. As a result, scripts that rely on these APIs will fail with the 0.3.5 version. "Greasemonkey 0.3.5 is a 'neutered' version of Greasemonkey," said a developer in a post to the blog.

Still, according to the same post, people should only use 0.3.5 at this point.

"I strongly recommend that everyone either install Greasemonkey 0.3.5, or else disable or uninstall Greasemonkey completely," wrote the developer, who is currently working on a fix.

No reports of the flaw being exploited have surfaced, according to his post.

Several security flaws have been discovered in Firefox recently, and the Mozilla Foundation released a security update for the browser earlier this month.

Additionally, a promotional site for the Firefox browser was hacked last week. The attack on SpreadFirefox.com was an embarrassment to the Mozilla Foundation, which uses security as a main selling point for the browser.

SponsoredWhite Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now

Talkback
Most Recent of 39 Talkback(s)

Thread View
Flat View

Yep(nt): nt (Read the rest); Posted by: IT Scion Posted on: 07/22/05 You are currently: a Guest | Log in | Terms of Use

Still the greatest browser on earth! Jeff Spicoli | 07/20/05

Where did impartial reporting go ? chameleon@... | 07/20/05

yes a flaw was found voska | 07/20/05

ZDNet has an obligation to report on vulnerabilitys, and they clearly DonnieBoy | 07/20/05

No they don't Real World | 07/21/05

Articles like this show how utterly pathetic John Zern | 07/20/05

we can say welcome to the family jimk_z | 07/20/05

Greatest Browser? richhayes | 07/21/05

Nothing against FF at all but IT Scion | 07/20/05

Firefox is a browser, and a platform on which to run apps. DonnieBoy | 07/20/05

Like I said, playing in the big leagues isn't easy. No_Ax_to_Grind | 07/20/05

Yes, But Mozilla Plays In The Big Leagues In A Timely Manner itanalyst | 07/20/05

1.0.4 -- 1.05 Gap -- Two Months? (nt) PMC-CON | 07/21/05

Oh, and WRONG AGAIN. itanalyst | 07/20/05

Remove IE? johnay | 07/20/05

Removing IE isn't easy voska | 07/21/05

True, and Firefox does a much better job in the big leagues than Microsoft. DonnieBoy | 07/20/05

Exactly. OliverSeal | 07/21/05

Another Thing FireFox is porbably ahead in ... PMC-CON | 07/21/05

Hello? People? ITS AN EXTENSION!! itanalyst | 07/20/05

Yes you can remove IE or more like disable it and use firefox. Been_Done_Before | 07/21/05

suuure. try removing mshtml.dll and others and see how long windows runs wessonjoe | 07/21/05

i said.. disable.. Been_Done_Before | 07/21/05

GreaseMonkey = ActiveX? PMC-CON | 07/21/05

Yep(nt) IT Scion | 07/22/05

Don't use it if you choose not to Boot_Agnostic | 07/20/05

Odd, no article on the propose time change voska | 07/20/05

re jimk_z | 07/20/05

A rich feature set? That's sweet bystander_z | 07/21/05

A rich feature set -- mostly aimed at intranets PMC-CON | 07/21/05

Firefox vulnerabilities multiply Omnius | 07/21/05

What is your point? doe_z | 07/21/05

That's because it is voska | 07/21/05

IEradicator ... PMC-CON | 07/21/05

like i said, ie cannot be removed. this program only removes the gui front- wessonjoe | 07/21/05

spreadfirefox.com hacked... linuxoverwindows | 07/21/05

whats wrong with that? JoeMama_z | 07/21/05

so is this extension flaw cross-platform? it is only exploitable on a M$ wessonjoe | 07/21/05

Yo... horusfalcon | 07/21/05

What do you think?

Click Here

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

White Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More