[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Mark Pilgrim pilgrim at gmail.com
Mon Jul 18 14:47:47 EDT 2005


On 7/18/05, chris feldmann <cfeldmann at gmail.com> wrote:
>  When I looked at that exploit last week it seemed the server would have to
> be @included in any script in order to read it. The GM_setValue exploit also
> @includes its own demonstration page. I'm not trying to discount the
> severity here, only asking if my understanding of the nature is correct.
> Namely, must a script open itself to the server in the @include line for
> this exploit to be viable?

That is correct.  I do not currently know of any way for a remote page
to gain access to scripts that are not configured to run on that page.

-- 
Cheers,
-Mark


More information about the Greasemonkey mailing list