ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Firefox slips up through Greasemonkey flaw

Dawn Kawamoto CNET News.com

Published: 21 Jul 2005 09:45 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The developer of Greasemonkey is making an update for a critical security flaw in his extension to the Firefox browser available via the Mozilla Web site.

Greasemonkey is a popular add-on used to customise the design and behaviour of Web pages. The flaw could let attackers read any file on a user's local hard drive and list the contents of local directories. The update, Greasemonkey 0.3.5, was released Monday, according to the download page on the Mozilla Foundation's Web site. The Mozilla Foundation coordinates Firefox development and marketing.

The flaw affects versions of Greasemonkey prior to 0.3.5, including early 0.4 alphas, according to a posting on Mozdev.org, a site where developers post applications and add-ons.

People who switch to version 0.3.5, however, will find it lacks the so-called GM* APIs, which are designed to make Greasemonkey more powerful than HTML, according to a Greaseblog posting, a blog devoted to the extension. As a result, scripts that rely on these APIs will fail with the 0.3.5 version. "Greasemonkey 0.3.5 is a 'neutered' version of Greasemonkey," said a developer in a post to the blog.

Still, according to the same post, people should only use 0.3.5 at this point.

"I strongly recommend that everyone either install Greasemonkey 0.3.5, or else disable or uninstall Greasemonkey completely," wrote the developer, who is currently working on a fix.

No reports of the flaw being exploited have surfaced, according to his post.

Several security flaws have been discovered in Firefox recently, and the Mozilla Foundation released a security update for the browser earlier this month.

Additionally, a promotional site for the Firefox browser was hacked last week. The attack on SpreadFirefox.com was an embarrassment to the Mozilla Foundation, which uses security as a main selling point for the browser.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
61 out of 137 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

4 comments

  1. Oh well, it looks like it's begun in earnest... I... Nigel Williams
  2. Saying this is a Firefox "slip up" is at best... Stuart Carter
  3. I am not sure that this flaw was discove... Anonymous
  4. What kind of double-speak is this? "The attack on... Anonymous

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

SAP HR PAYROLL - CONTRACT

Business Analyst - BPR - Local Gov

URGENT Requirement for Project Manager with DWH/BI Knowledge

Sentry Posts Blog

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Government launches new e-crime unit

Ok, so this is outside of my main area of focus of sustainable and green tech but I do track some security issues too. I was at a meeting last week with Microsoft's security advisor... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers