Greasemonkey extension 'fatally insecure'

A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest.”

/.

Apparently, installing a new version of the extension solves the insecurities but also causes some old scripts to cease working. As I didn’t have any critical use for GM, I just chose to uninstall it.

"1.0.6 Release Candidates – Testing Needed"

“We are getting ready to release Firefox 1.0.6, Thunderbird 1.0.6, and Mozilla Suite 1.7.10 to address some API issues in the Firefox and Thunderbird 1.0.5 releases, and we want to gather feedback on extension compatibility. There is a very real chance that some of the general security improvements may impact a number of extensions that worked with 1.0.4 and earlier, and we want to identify and address as many of these as possible before we release 1.0.6.”

Mozilla Developer News

A new release so soon after the 1.0.5 releases of Firefox and Thunderbird is due to the problems they caused with extensions (ran into them myself, too).