|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
7 |
 |
Members:
0 |
 |
Total:
7 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 08/13/2005 9:47 PM |
|
| What Is It?
There is a serious security defect in the Greasemonkey add-in for the Mozila FireFox Web browser that can potentially expose every file on your computer. An attacker could use this flaw to steal any file on your computer and send a a copy of part or all of its contents anywhere in the world.
According to Mark Pilgrim, author of a popular e-book called Dive into Greasemonkey, this flaw can be exploited to hijack any world-readable file on a victim's computer. To demonstrate the severity of the defect, he has published exploits; please see the References section below for details.
What Should I Do?
Greasemonkey is an optional add-on to FireFox that must be downloaded and installed separately. Therefore, if you have it installed, you know it. If you installed FireFox "out of the box," you do not have Greasemonkey, and there is nothing to do.
However, if you use Greasemonkey, its developers are waning users to completely uninstall versions prior to version 0.3.5. If you read further on the Greasemonkey home page, at http://greasemonkey.mozdev.org/, you may decide that no version is safe.
Quite frankly, if you really need something like Greasemonkey, we encourage you to wait until there is a version that has been thoroughly tested and confirmed safe by independent experts.
References
You may wish to consult the following references for additional information about this issue.
http://greasemonkey.mozdev.org/ is the Greasemonkey home page.
http://www.mozdev.org/pipermail/greasemonkey/2005-July/004022.html is the post by Mark Pilgrim. If you were undecided about removing Greasemonkey, this short article will convince you to remove it promptly.
http://www.eweek.com/article2/0,1895,1838702,00.asp is an article on eWeek, a respected industry news source, titled "Greasemonkey Flaw Prompts Critical Uninstall Warning," that brought this matter to my attention late yesterday.
http://diveintogreasemonkey.org/ is the start page of Dive into Greasemonkey, the electronic book by Mark Pilgrim about programming using Greasemonkey. It is here for completeness; it has no information that you need in order to decide what to do.
This concludes this VirusWarn notice.
David Gray
P6 Consulting
V: +1 (817) 896-1114
F: +1 (817) 294-1830
TZ: USA Central, GMT -5
E: mailto:dagray@p6c.com
W: http://www.p6c.com
6913 Wilton Drive
Fort Worth, TX 76133-6130
USA
You are more important than any technology we may employ.
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|