[Greasemonkey] gmdetect.js

Nikolas Coukouma lists at atrus.org
Tue Jul 19 12:51:15 EDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Pilgrim wrote:

> I've written a Greasemonkey vulnerability detection script and
> installed it on diveintogreasemonkey.org and diveintomark.org. If
> it detects leaking APIs, it displays a warning message telling the
> visitor that the version of Greasemonkey they are using has
> critical security flaws, and points them to the Greasemonkey home
> page for download, or the specific mailing list message that gives
> details on the vulnerability. Has no ill effects in IE, Opera,
> Safari, Firefox without Greasemonkey, or Firefox with GM 0.35.
>
> Available here:
> http://diveintogreasemonkey.org/download/gmdetect.js
>
> Open source, MIT-licensed. Just drop it into any page, no
> initialization required:
>
> <script type="text/javascript" src="/path/to/gmdetect.js"></script>
>
I've made a little page that people can point to, if they like. It's a
minimal page that includes your gmdetect.js, has a paragraph
explaining how to run the test, and a minimal script to install so the
test will actually work.

http://atrus.org/hosted/vuln_test.html

- -Nikolas Coukouma
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC3SFys2zR4YuWmeERAo20AJ9CCN8VdEeXIhdGkfybadBP7JHRfACghRy/
iQHWV1XKYf/8J70mgwiSbLU=
=bwhR
-----END PGP SIGNATURE-----



More information about the Greasemonkey mailing list