Back to search
CVE-2005-2455
Published: Aug 4, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://greasemonkey.mozdev.org/changes/0.3.5.html
x_refsource_CONFIRM
16128
third-party-advisory
x_refsource_SECUNIA
ADV-2005-1147
vdb-entry
x_refsource_VUPEN
[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites
mailing-list
x_refsource_MLIST
mozilla-greasemonkey-information-disclosure(21453)
vdb-entry
x_refsource_XF
http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html
x_refsource_CONFIRM
[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites
mailing-list
x_refsource_MLIST
14336
vdb-entry
x_refsource_BID
1014529
vdb-entry
x_refsource_SECTRACK
18154
vdb-entry
x_refsource_OSVDB
http://www.securiteam.com/securitynews/5CP0P20GBK.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now