Greasemonkey Security Holes Closed

By Deane Barker on July 27, 2005

Greasemonkey 0.4.1 (The Next Generation): Apparently Greasemonkey has been gutted and put back together to fix the huge security hole in the last version.

I can confim that, despite massive architectural differences, GM-TNG is incredibly backward-compatible, even with complex user scripts like Book Burro, BugMeNot, and GMail Persistent Searches. I can also confirm that this release closes all known security holes.

Those words are from Mark Pilgrim, who was the guy who raised the alarm with the last version. Via Kottke.

And if you want to know if you’re running an old version of Greasemonkey (the version with the vulnerability), just visit Mark’s site at the link above. He kindly exploits the hole for you and tells you that you’re open via this subtle, screen-filing graphic:

What This Links To