July 20, 2005

Firefox's Greasemonkey slippery on security

A severe security hole in Firefox's Greasemonkey extension has been uncovered that exposes any file on a user's local hard drive to a hacker.

The vulnerability affects PCs and Macs and means a hacker does not need to know an exact file name before diving into a system. According to one online posting, typing something such as "file:///c:/" will return a parseable directory listing. Macs can be hacked in a similar way.

Link: The Register

Click Here!