[Greasemonkey] Alternative script injection technique proof of concept
John Plsek
gm at plsek.id.au
Tue Jul 19 19:01:24 EDT 2005
Aaron Boodman wrote:
>I talked to Brendan Eich about this approach and he recommended
>against it since the code will still have chrome permissions if
>executed this way. It could still do things that it should be able to
>without the Components object.
>
>Like,
>
>for (var i = 0; i < window.frames.length; i++) {
> alert(window.frames[i].document.body.innerHTML);
>}
>
>even if the frames are in different domains.
>
>
>
Let's see if I have this correct. The current choices for greasemonkey
(under release versions of FF) are
1) the neutered 0.3.5 .... which means no GM_xmlhttprequest etc
2) the potentially exploitable 0.3.3
3) the potentially exploitable 0.4
4) the unexploitable fix suggested (I take it that it is unexploitable),
which has the side effect of userscripts having increased, and therefore
potentially harmful, yet at the same time useful, privileges.
or, there can be a fifth option ...
adding a "flag" metadata with one of 3 options.
1) neutered (the default if no flag specified)
2) standard - as they are run now, ie, potentially exploitable, but
fully functional
3) trusted - run with the elevated privileges
John
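One way the proposed three-tier flag could be made enforceable, as an added example that is not part of the original thread or of Greasemonkey's own code: a header parser that reads a hypothetical `@privilege` key from the `==UserScript==` block and fails closed to the neutered tier when the key is absent, refusing to run the script when the value is unrecognized or given twice. The `@privilege` key name, the capability table and the sample script are assumptions.

```javascript
// Added example (not from the original thread). The "@privilege" key is
// hypothetical; the standard ==UserScript== header keys are the real ones.
const TIERS = {
  neutered: { GM_xmlhttpRequest: false, elevated: false },
  standard: { GM_xmlhttpRequest: true,  elevated: false },
  trusted:  { GM_xmlhttpRequest: true,  elevated: true  },
};

// Extract key/value pairs from the ==UserScript== block. A null-prototype
// object is used so a key such as "__proto__" cannot poison the result;
// repeated keys (e.g. several @include lines) collect into an array.
function parseHeader(source) {
  const meta = Object.create(null);
  const m = source.match(/\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/);
  if (!m) return meta;
  for (const line of m[1].split("\n")) {
    const kv = line.match(/^\/\/\s*@(\S+)\s*(.*)$/);
    if (!kv) continue;
    const key = kv[1], value = kv[2].trim();
    meta[key] = key in meta ? [].concat(meta[key], value) : value;
  }
  return meta;
}

// Decide the tier: no flag -> neutered (the default in the proposal);
// an unknown or duplicated value is refused rather than guessed.
function privilegeTier(source) {
  const flag = parseHeader(source).privilege;
  if (flag === undefined) return "neutered";
  if (Array.isArray(flag) || !Object.prototype.hasOwnProperty.call(TIERS, flag)) {
    throw new Error("refusing to run script: unrecognized privilege flag " + JSON.stringify(flag));
  }
  return flag;
}

// Capabilities the loader would grant for a given script source.
function capabilities(source) {
  return TIERS[privilegeTier(source)];
}

// Constructed sample scripts used to exercise the parser.
const SAMPLE_TRUSTED = [
  "// ==UserScript==",
  "// @name       Constructed sample",
  "// @namespace  http://example.invalid/",
  "// @include    http://example.invalid/*",
  "// @privilege  trusted",
  "// ==/UserScript==",
  "GM_xmlhttpRequest({});",
].join("\n");
const SAMPLE_UNFLAGGED = SAMPLE_TRUSTED.replace("// @privilege  trusted\n", "");
```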