A severe security hole in Firefox’s Greasemonkey extension has been uncovered that exposes any file on a user’s local hard drive to a hacker.
The vulnerability affects PCs and Macs and means a hacker does not need to know an exact file name before diving into a system. According to one online posting, typing something such as “file:///c:/” will return a parseable directory listing. Macs can be hacked in a similar way.
Link: The Register
