[tlug] GreaseMonkey - Security warning

[Edward Middleton <edwardmiddleton@example.com>]

For anyone who has started using GreaseMonkey.  There has been a
security update released after a potentially serious security problem
was found in GreaseMonkey.  The problem involves some special GM_
functions were being run in the browser context and potentially allows a
malicious web site to read arbitrary local files on your machine, when a
user script is run on their page.

The update disables all GM_ functions.  This will not affect the
operation of the basic scripts covered in the technical meeting but some
of the AJAX based user scripts will no longer function.

To update the GreaseMonkey extension open Firefox and select
Tools->Extensions menu.  In the extensions dialog select GreaseMonkey
and press the update button.  In the Firefox update dialog press the
install now button.  When the update has finished you will need to
restart Firefox for the changes to occur.

Alternatively you can uninstall GreaseMonkey extension by open Firefox
and select Tools->Extensions menu.  In the extensions dialog select
GreaseMonkey and press the Uninstall button and then press the OK
button. When the uninstall has finished you will need to restart Firefox
for the changes to occur.

The following link gives a vulnerability test the you can use to check
your install.
http://atrus.org/hosted/vuln_test.html

The official announcement is at
http://greaseblog.blogspot.com/

A less alarmist assessment of the problem can be found at
http://www.mozdev.org/pipermail/greasemonkey/2005-July/004087.html

If you decide not to use the update make sure you don't have any scripts
that are applied to all pages (*) and that all pages you use scripts on
have trustworthy content.
-- 
Edward Middleton <edwardmiddleton@example.com>