Firefox's Greasemonkey slippery on security
Full file exposure
Posted in Security, 20th July 2005 16:43 GMT
A severe security hole in Firefox's Greasemonkey extension has been uncovered that exposes any file on a user's local hard drive to a hacker.
The vulnerability affects PCs and Macs and means a hacker does not need to know an exact file name before diving into a system. According to one online posting, typing something such as "file:///c:/" will return a parseable directory listing. Macs can be hacked in a similar way.
Mark Pilgrim, a coder and author writing about Greasemonkey, told a Greasemonkey mailing list: "This particular exploit is much, much worse than I thought. GM_xmlhttpRequest can successfully "GET" any world readable file on your local computer.
"And because GM_xmlhttpRequest can use POST as well as GET, an attacker can quietly send this information anywhere in the world," Pilgrim warned.
Greasemonkey enables developers to add DHTML to a web page, in order to change that page's behavior.
Users have been advised either to uninstall the Greasemonkey extension completely or to downgrade to Greasemonkey 0.3.5 - a "neutered" version that lacks the APIs making Greasemonkey scripts more powerful than regular HTML.
A fix is in development and expected to take a few days, according to Greaseblog - the Greasemonkey blog.
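The exposure described above comes from a privileged request API accepting `file:` URLs. As an added example (not Greasemonkey's code or its eventual fix), the sketch below shows a scheme allowlist check that such an API could apply before dispatching a request; `checkRequestUrl`, `guardedRequest` and the sample URLs are hypothetical and constructed for illustration.

```javascript
// Added illustration: scheme allowlist for a privileged request API.
// checkRequestUrl and guardedRequest are hypothetical names, not Greasemonkey APIs.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Resolve rawUrl against the page the user script runs on and decide
// whether a privileged request may be sent to it.
function checkRequestUrl(rawUrl, pageUrl) {
  let target;
  try {
    // The URL parser lowercases the scheme and drops surrounding whitespace
    // and embedded tabs/newlines, so "FILE:///c:/" or " fi\tle:///etc/passwd"
    // cannot slip past the way they could with a naive string prefix test.
    target = new URL(rawUrl, pageUrl);
  } catch (e) {
    return { allowed: false, reason: "unparseable URL" };
  }
  // Checking the resolved URL also covers relative requests made from a
  // page that was itself loaded from file:.
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    return { allowed: false, reason: "scheme " + target.protocol + " not allowed" };
  }
  return { allowed: true, url: target.href };
}

// Wrap the real sender (passed in as `send`) so no request leaves unchecked.
function guardedRequest(details, pageUrl, send) {
  const verdict = checkRequestUrl(details.url, pageUrl);
  if (!verdict.allowed) {
    throw new Error("request blocked: " + verdict.reason);
  }
  return send({ ...details, url: verdict.url });
}

// Constructed sample inputs, each resolved against a constructed page URL.
const samples = ["file:///c:/", "FILE:///etc/passwd", "/feed.xml", "jar:file:///x.jar!/a"];
for (const u of samples) {
  const v = checkRequestUrl(u, "https://example.com/page");
  console.log(u, "->", v.allowed ? "allowed " + v.url : "blocked (" + v.reason + ")");
}
```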