[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Blake West blakewest at gmail.com
Mon Jul 18 17:47:59 EDT 2005


> In other words, running a Greasemonkey script on a site can expose the
> contents of every file on your local hard drive to that site.  Running
> a Greasemonkey script with "@include *" (which, BTW, is the default if
> no parameter is specified) can expose the contents of every file on
> your local hard drive to every site you visit.  And, because
> GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly
> send this information anywhere in the world.

So what is the short term strategy for not exposing yourself to
malicious attacks, barring making the monkey frown until a real fix is
released?

I've already turned off all the scripts that run on every site. What
else should I do?

Thanks,
-Blake


More information about the Greasemonkey mailing list