NTA Monitor

Latest News

New version of network scanning tool arp-scan released

15th March 2011 A new version of a respected and popular network scanning tool has been released. Read More

Tests show rise in number of vulnerabilities affecting web applications with SQL Injection and XSS most common flaws

1st March 2011 SQL injection and cross-site scripting (XSS) were the most common flaws found in web applications in 2010 according to results from tests carried out by NTA Monitor. Read More

Assess risk to manage effects of budget cuts

9th February 2011 Signs of economic recovery may be appearing in some industries, but for most organisations - particularly in the public sector - budget cuts and cost savings are here to stay for the foreseeable future. Read More

"Basic security threats not changed in 15 years"

1st February 2011 There may have been significant technological advances to the hardware and software organisations use, but according to Roy Hills, who co-founded NTA Monitor in 1996, the basic security threats have not changed in the last 15 years. Read More

Date: 30th August 2005
Risk: High

A serious cross-platform security flaw has been found in a popular extension for the open source browser.

The developer of Greasemonkey is making an update for a critical security flaw in his extension to the Firefox browser available via the Mozilla website.

Greasemonkey is a popular add-on used to customise the design and behaviour of Web pages. The flaw could let attackers read any file on a user's local hard drive and list the contents of local directories. The update, Greasemonkey 0.3.5, was released on 18 July, according to the download page on the Mozilla Foundation's Web site. The Mozilla Foundation coordinates Firefox development and marketing.

The flaw affects versions of Greasemonkey prior to 0.3.5, including early 0.4 alphas, according to a posting on Mozdev.org, a site where developers post applications and add-ons.

People who switch to version 0.3.5, however, will find it lacks the so-called GM* APIs, which are designed to make Greasemonkey more powerful than HTML, according to a Greaseblog posting, a blog devoted to the extension. As a result, scripts that rely on these APIs will fail with the 0.3.5 version. "Greasemonkey 0.3.5 is a 'neutered' version of Greasemonkey," said a developer in a post to the blog.

The vulnerability affects PCs and Macs and means a hacker does not need to know an exact file name before diving into a system. According to one online posting, typing something such as "file:///c:/" will return a parseable directory listing. Macs can be hacked in a similar way.

Greasemonkey enables developers to add DHTML to a web page, in order to change that page's behavior. The vulnerability is caused due to certain functions being insecurely exposed and can be exploited by a malicious web site via the "GM_xmlhttpRequest()" function to disclose the contents of arbitrary local files and list the contents of arbitrary local directories.

Users have been advised to either completely un-install the Greasemonkey extension or downgrade to Greasemonkey to 0.3.5 - a "neutered" version that lacks the APIs making Greasemonkey scripts more powerful than regular HTML until a fix is produced.

References

Sources: http://news.zdnet.co.uk/internet/security/0,39020375,39210075,00.htm, http://www.mozilla.org/