Uninstall GreaseMonkey or use version 0.3.5 |
Fire Greasemonkey was going to be the headline, but that didn’t seem to be direct enough so I changed to “Uninstall GreaseMonkey” which is Mark Pilgrim’s advice after the recent discovery that Greasemonkey has a major security hole that could expose users hard drives.
Fellow developer from Sweden, Forser writes:
But the other part of me is sad to see that people still keep getting security holes everywhere, if it isn’t Windows then it is linux/firefox or other opensource software. Recently it seems that opensource has gotten a big spotlight on them since there are more and more security holes found.
Right on, mon. Nothing seems to be safe from exploits. I think part of this is the false bravado that some companies use to promote their products. Firefox was long toted as a more secure browser than Internet Explorer. This was an open challenge to people to prove it was still designed by imperfect human beings. Flaws can be found in every software if someone wants to dig hard enough.
Logic suggests that the cycle should bear software becoming more bulletproof over time, not less, but as new features are released, this brings new code which could have similar holes. And with so many programs staying in beta these days, this is a trend filled with perils.
Solutions? Better and more rigorous true beta testing, tone down the advertising machine making claims of being more secure (this invites people to maliciously hack the code) and less developer turnover. New programmers on unfamiliar code can lead to more mistakes.
This sure doesn’t help the case for open source.
Version 0.3.5 of GreaseMonkey doesn’t contain the GM APIs which are the source of the vulnerability, but also without those APIs most of the non-HTML functionality is lost.
Other bloggers are saying:
mambofrog: “Thankfully I uninstalled Greasemonkey a couple months back.”
Love the Slashdot masthead: “from the uninstall-it-now-man dept.”
Ben Metcalfe: “The general agreement on the list is to totally disable or uninstall GM for the time being… Eeek. ”
mummila.net: “As I didn’t have any critical use for GM, I just chose to uninstall it.”
Did this post make you go hmm?
(Hmm, no ratings yet)
Loading ...Related Posts
- Warning: two critical Firefox bugs
- Helpful security, recovery and protection-related Firefox extensions
- code.google.com
- Getting into Google Gears
- Microsoft reduces the legal jargon with new Shared Source Licenses
- Almost twice the exploits for Firefox as IE from April to September
[…] Some readers might note I’ve pointed to Greasemonkey here a few times which is often used to filter ads and that might seem hypocritical. Greasemonkey is also used for other purposes, some of which are pretty creative and useful. Greasemonkey can be used to add features to a website until the main site adds them. If Greasemonkey was only or primarily an ad filtering program I wouldn’t support them. I’m sure neither Symantec or Greasemonkey gives a damn whether or not a single publisher supports them, but at least readers know where we stand. […]
Pingback by Make You Go Hmm: » Symantec is not completely in the “protection” business — April 13, 2006 @ 12:01 pm PST