You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By allowing injection into file: URLs, arbitrary files whose paths are known can be stolen and transmitted to any server by malicious scripts. By allowing injection into about:cache, the location of the user profile can be discovered, making this flaw much more serious.
Do not allow scripts to run at file: or about: URLs. Since this has the very real potential (near guarantee) of causing backwards compatibility issues, a hidden default-off preference should be set up to override this, so that concerned users can override its value via about:config and restore the old behavior.
The text was updated successfully, but these errors were encountered:
See list posts:
http://groups.google.com/group/greasemonkey-users/msg/89adb81c9be5544a
http://groups.google.com/group/greasemonkey-users/msg/784f75d135ba410a
By allowing injection into file: URLs, arbitrary files whose paths are known can be stolen and transmitted to any server by malicious scripts. By allowing injection into about:cache, the location of the user profile can be discovered, making this flaw much more serious.
Do not allow scripts to run at file: or about: URLs. Since this has the very real potential (near guarantee) of causing backwards compatibility issues, a hidden default-off preference should be set up to override this, so that concerned users can override its value via about:config and restore the old behavior.
The text was updated successfully, but these errors were encountered: