[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Aaron Boodman zboogs at gmail.com
Mon Jul 18 16:05:52 EDT 2005


> So what is the short term strategy for not exposing yourself to
> malicious attacks, barring making the monkey frown until a real fix is
> released?

I was just going to post this. 

Attached is a neutered Greasemonkey. Please make sure that GM_*
leakage no longer occurs. I tested with Mark's example.

Since I don't believe it's possible to create a Greasemonkey using the
existing API strategy which doesn't leak APIs, I've disabled them all.

This means that any user script that uses GM_* will fail. But hey,
that's better than sending all your private data to any random
website.

What sucks is that Greasemonkey doesn't have auto update support. And
even if it did, you can't force users to install a new version. I'm
going to try and add it for this version, but that won't help the
people who have existing installs.

So I will probably need everyone's help to spread the word that they
should either disable GM or install this one.

-- 
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: greasemonkey-0.3.5.xpi
Type: application/x-xpinstall
Size: 22796 bytes
Desc: not available
Url : http://mozdev.org/pipermail/greasemonkey/attachments/20050718/9daee31e/greasemonkey-0.3.5-0001.bin


More information about the Greasemonkey mailing list